26 matches found

Circl
added 2026/01/27 7:36 p.m., 2 views

CVE-2026-24870

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-27 19:36:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdgiydlfb32i... |

CVSS: 7.5, AI score: 5.8, EPSS: 0.0005
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 9:38 a.m., 2 views

CVE-2024-24870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.10...

CVSS: 6.5, AI score: 5.6, EPSS: 0.0013
Exploits: 0, References: 1

Circl
added 2025/02/11 1:16 a.m., 2 views

CVE-2025-24870

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-11 01:16:12+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhuid2r7ew2v |
| 2025-02-11 01:26:19+00:00 | seen | https://infosec.exchange/users/cve/statuses/113982647746256616 |
| 2025-02-11 03:07:44+00:00 | seen | ... |

CVSS: 6, AI score: 4.8, EPSS: 0.00029
Exploits: 0, References: 3

NVD
added 2025/02/11 1:15 a.m., 3 views

CVE-2025-24870

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive...

CVSS: 6, EPSS: 0.00029
Exploits: 0, References: 2

Cvelist
added 2025/02/11 12:37 a.m., 8 views

CVE-2025-24870 Insecure Key & Secret Management vulnerability in SAP GUI for Windows

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive...

CVSS: 6, EPSS: 0.00029
Exploits: 0, References: 2

CVE
added 2025/02/11 12:37 a.m., 48 views

CVE-2025-24870

CVE-2025-24870 affects SAP GUI for Windows (and RFC service) where credentials are stored in the process memory. This can allow an unauthenticated (local) attacker to access sensitive information and cause privilege escalation, with confidentiality impact but no reported integrity/availability im...

CVSS: 6, AI score: 6, EPSS: 0.00029
Exploits: 0, References: 2

RedhatCVE
added 2025/02/05 9:56 p.m., 4 views

CVE-2022-24870

Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users are advised to...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00425
Exploits: 1, References: 1

Circl
added 2024/02/06 2:16 p.m., 0 views

CVE-2021-24870

| creationtimestamp | type | source |
|---|---|---|
| 2024-02-06 14:16:50+00:00 | seen | https://t.me/ctinow/180006... |

CVSS: 6.1, AI score: 6, EPSS: 0.00107
Exploits: 1, References: 1

Circl
added 2024/02/05 7:27 a.m., 1 views

CVE-2024-24870

| creationtimestamp | type | source |
|---|---|---|
| 2024-02-05 07:27:01+00:00 | seen | https://t.me/ctinow/179002 |
| 2024-02-29 08:16:41+00:00 | seen | https://t.me/ctinow/196323... |

CVSS: 6.5, AI score: 5.4, EPSS: 0.0013
Exploits: 0, References: 2

OSV
added 2024/02/05 6:15 a.m., 0 views

CVE-2024-24870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.10...

CVSS: 5.4, AI score: 5.8
Exploits: 0, References: 1

Cvelist
added 2024/02/05 5:45 a.m., 16 views

CVE-2024-24870 WordPress Advanced iFrame Plugin <= 2023.10 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.10...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0013
Exploits: 0, References: 1

CVE
added 2024/02/05 5:45 a.m., 48 views

CVE-2024-24870

The CVE-2024-24870 entry describes a Stored XSS in the WordPress Advanced iFrame plugin (≤ 2023.10) due to Improper Neutralization of Input During Web Page Generation. Affected component: Advanced iFrame plugin; root cause: insufficient input sanitization/escaping in the advanced_iframe context. ...

CVSS: 6.5, AI score: 5.6, EPSS: 0.0013
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2024/02/01 4:15 a.m., 16 views

Cross site scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 4.9, AI score: 5.9, EPSS: 0.0013
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2024/01/16 3:49 p.m., 29 views

CVE-2021-24870

CVE-2021-24870 concerns the WordPress plugin WP Fastest Cache prior to 0.9.5. The vulnerability is a CSRF/checks-and-escaping flaw in the wpfc_save_cdn_integration AJAX action, coupled with insufficient sanitization/escaping of options, which could allow a logged-in, high-privilege user to trigge...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00107
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2024/01/16 3:49 p.m., 7 views

CVE-2021-24870 WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting

The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some of the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripti...

AI score: 5.9, EPSS: 0.00107
Exploits: 1, References: 2

Cvelist
added 2024/01/16 3:49 p.m., 15 views

CVE-2021-24870 WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting

The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some of the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripti...

AI score: 6.5, EPSS: 0.00107
Exploits: 1, References: 2

OpenVAS
added 2023/03/15 12:0 a.m., 25 views

Microsoft Windows Multiple Vulnerabilities (KB5023713)

This host is missing a critical security update according to Microsoft KB5023713 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8, AI score: 7.6, EPSS: 0.22191
Exploits: 0, References: 1

NVD
added 2023/03/14 5:15 p.m., 13 views

CVE-2023-24870

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability...

CVSS: 6.5, AI score: 7.6, EPSS: 0.10093
Exploits: 0, References: 1

CVE
added 2023/03/14 4:55 p.m., 130 views

CVE-2023-24870

Technical details about CVE-2023-24870 (affected product, root cause, impact, remediation) are not provided in the supplied documents. Monitor for updates from Microsoft and CVE databases.

CVSS: 6.5, AI score: 6.3, EPSS: 0.10093
Exploits: 0, References: 1, Affected Software: 12

Cvelist
added 2023/03/14 4:55 p.m., 24 views

CVE-2023-24870 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

...

CVSS: 6.5, AI score: 8.1, EPSS: 0.10093
Exploits: 0, References: 1