94 matches found
MINI-2477-HG72-VQ8M
Bulletin has no description...
MiracleLinux 7 : firefox-52.5.1-1.0.1.el7.AXS7 (AXSA:2017-2477:08)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-2477:08 advisory. A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting...
EUVD-2026-2477
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer. Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb->vma[i].vma pointers to NULL, simplifying...
CVE-2024-2477
The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-2477
A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclos...
CVE-2025-2477
The CryoKey plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ckemail’ parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2025-2477 CryoKey <= 2.4 - Reflected Cross-Site Scripting via 'ckemail' Parameter
The CryoKey plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ckemail’ parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
WordPress wpDiscuz Plugin <= 7.6.15 is vulnerable to Cross Site Scripting (XSS)
Software: wpDiscuz; Type: Plugin; Vulnerable versions: <= 7.6.15; Fixed in: 7.6.16; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2477; Patch priority: Low; CVSS severity: Low (5.9); PSID: 6802b1a6ae17; Credits: Ngô Thiên An ancorn; Required...
Amazon Linux 2 : thunderbird (ALAS-2024-2477)
The version of thunderbird installed on the remote host is prior to 115.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2477 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting ...
openSUSE: Security Advisory for chromium (openSUSE-SU-2022:10073-1)
The remote host is missing an update for the...
CVE-2023-2477
CVE-2023-2477 affects Funadmin up to version 3.2.3. The vulnerability lies in the function tagLoad in file Cx.php where manipulating the argument file enables Cross-Site Scripting (XSS). Exploitation can be carried out remotely and public disclosures exist. A practical mitigation mentioned in so...
SUSE CVE-2022-2477
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
openSUSE 15 Security Update : opera (openSUSE-SU-2022:10087-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10087-1 advisory. - Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a...
Security update for opera (important)
openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2022:10087-1 Rating: important References: Cross-References: CVE-2022-2163 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 CVSS scores: CVE-2022-2163 NV...
Mageia: Security Advisory (MGASA-2022-0268)
The remote host is missing an update for the...
CVE-2022-2477
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...