15 matches found
CVE-2021-24745
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow a user with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2025-24745
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Classified Listing classified-listing allows Reflected XSS. This issue affects Classified Listing: from n/a through <= 4.0.1...
CVE-2025-24745
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RadiusTheme Classified Listing classified-listing allows Reflected XSS. This issue affects Classified Listing: from n/a through <= 4.0.1...
CVE-2025-24745
The CVE-2025-24745 entry concerns the RadiusTheme Classified Listing WordPress plugin (versions n/a through 4.0.1) with a Reflected Cross-Site Scripting (XSS) flaw arising from improper input neutralization during web page generation. The vulnerability enables XSS where user-supplied input is not...
CVE-2024-11548
IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
CVE-2024-11548 IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
CVE-2024-11548 IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
CVE-2022-24745 Guest session is shared between customers in shopware
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...
CVE-2022-24745
CVE-2022-24745 affects Shopware (Shopware platform) when HTTP caching is enabled. The issue allows guest sessions to be shared between customers due to improper handling of HTTP cache headers in affected versions (Varnish setups are not affected). Root cause is related to caching behavior that ex...
CVE-2022-24745 Guest session is shared between customers in shopware
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...
CVE-2021-24745
creationtimestamp | type | source
---|---|---
2021-11-29 12:33:27+00:00 | seen | https://t.me/cibsecurity/33029...
CVE-2021-24745
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow a user with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24745
CVE-2021-24745 affects the WordPress plugin About Author Box (versions before 1.0.2). The root cause is failure to sanitize and escape values in the Social Profiles field before rendering in attributes, enabling a stored cross-site scripting (XSS) flaw. The issue permits a user with a low-privile...
CVE-2021-24745 About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow a user with a role as low as contributor to perform Cross-Site Scripting attacks...
Product update: Virtuozzo Infrastructure Platform 3.0 Update 1 (3.0.1-55)
This update provides a new feature as well as stability and usability fixes. Vulnerability id: VSTOR-23861 Wrong details were reported for software RAID partitions. Vulnerability id: VSTOR-24687 Log rotation could lead to agent restart. Vulnerability id: VSTOR-24814 Network configuration was not...