34 matches found

Nuclei
added yesterday, 11 views

WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting

The Tourfic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) in versions up to and including 2.11.7 due to insufficient input sanitization and output escaping in the 'place' parameter. id: CVE-2024-29137 info: name: WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting...

CVSS 7.1 | AI score 7.2 | EPSS 0.00622
Exploits: 0 | References: 4

Circl
added 2026/04/02 10:31 a.m., 5 views

CVE-2026-29137

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 10:31:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miiyublvrn2q... |

CVSS 5.3 | AI score 5.8 | EPSS 0.00189
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/02 8:42 a.m., 0 views

CVE-2026-29137

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject...

CVSS 5.3 | AI score 5.9 | EPSS 0.00189
Exploits: 0 | References: 2

Cvelist
added 2026/04/02 8:42 a.m., 32 views

CVE-2026-29137 Long Subject Untagging

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject...

CVSS 5.3 | EPSS 0.00189
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:39 p.m., 7 views

CVE-2023-29137

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...

CVSS 4.3 | AI score 6.9 | EPSS 0.00436
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:35 p.m., 8 views

CVE-2021-29137

A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability...

CVSS 6.1 | AI score 7 | EPSS 0.00751
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:51 p.m., 10 views

CVE-2020-29137

cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577)...

CVSS 6.1 | AI score 7 | EPSS 0.00634
Exploits: 0

Circl
added 2025/03/19 6:43 p.m., 8 views

CVE-2025-29137

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-19 18:43:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lkqtncb32b26 |
| 2025-03-19 18:49:24+00:00 | seen | https://t.me/cvedetector/20649 |
| 2025-03-19 21:18:39+00:00 | published-proof-of-concept | ... |

CVSS 9.8 | AI score 4.8 | EPSS 0.0051
Exploits: 1 | References: 6

Cvelist
added 2025/03/19 12:0 a.m., 11 views

CVE-2025-29137

Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the formfastsettingwifiset function, which can cause RCE...

EPSS 0.0051
Exploits: 1 | References: 1

CVE
added 2025/03/19 12:0 a.m., 63 views

CVE-2025-29137

CVE-2025-29137 affects Tenda AC7 router. The vulnerability is a buffer overflow in the timeZone parameter of the form_fast_setting_wifi_set function, leading to remote code execution (RCE). Public sources in the dataset corroborate the buffer overflow and arbitrary-code execution potential. No ex...

CVSS 9.8 | AI score 7.1 | EPSS 0.0051
Exploits: 1 | References: 1 | Affected Software: 1

Circl
added 2024/03/19 3:27 p.m., 4 views

CVE-2024-29137

| creationtimestamp | type | source |
|---|---|---|
| 2024-03-19 15:27:07+00:00 | seen | https://t.me/ctinow/211612 |
| 2026-01-15 21:03:04+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mciiael3oh2f... |

CVSS 7.1 | AI score 8.7 | EPSS 0.00622
Exploits: 0 | References: 2

OSV
added 2024/03/19 2:15 p.m., 3 views

CVE-2024-29137

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Reflected XSS. This issue affects Tourfic: from n/a through 2.11.7...

CVSS 6.1 | AI score 5.8 | EPSS 0.00622
Exploits: 0 | References: 1

Cvelist
added 2024/03/19 1:44 p.m., 21 views

CVE-2024-29137 WordPress Tourfic plugin <= 2.11.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic tourfic. This issue affects Tourfic: from n/a through <= 2.11.7...

CVSS 7.1 | AI score 7.1 | EPSS 0.00622
Exploits: 0 | References: 1

Vulnrichment
added 2024/03/19 1:44 p.m., 19 views

CVE-2024-29137 WordPress Tourfic plugin <= 2.11.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic tourfic. This issue affects Tourfic: from n/a through <= 2.11.7...

CVSS 7.1 | AI score 7.2 | EPSS 0.00622
Exploits: 0 | References: 1

CVE
added 2024/03/19 1:44 p.m., 65 views

CVE-2024-29137

The WordPress Tourfic plugin is affected up to version 2.11.7 with a Reflected XSS vulnerability in the place parameter due to insufficient input sanitization and output escaping. This can allow attackers to execute scripts in users’ browsers. Remediation: upgrade to Tourfic 2.11.8 or later. The ...

CVSS 7.1 | AI score 7.2 | EPSS 0.00622
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/03/18 12:0 a.m., 11 views

WordPress Tourfic Plugin <= 2.11.7 is vulnerable to Cross Site Scripting (XSS)

Software: Tourfic; Type: Plugin; Vulnerable versions: <= 2.11.7; Fixed in: 2.11.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29137; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Themefic; PSID: 46fbea9a6c10; Credits: LVT-tholv2k; Required privilege: Unauthenticate...

CVSS 7.1 | AI score 6.5 | EPSS 0.00622
Exploits: 0 | References: 2 | Affected Software: 1

Openbugbounty
added 2023/06/18 2:26 a.m., 6 views

cpcaauto.com Cross Site Scripting vulnerability OBB-3440350

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0

Circl
added 2023/03/31 10:22 p.m., 3 views

CVE-2023-29137

| creationtimestamp | type | source |
|---|---|---|
| 2023-03-31 22:22:24+00:00 | seen | https://t.me/cibsecurity/61273... |

CVSS 4.3 | AI score 4.6 | EPSS 0.00436
Exploits: 0 | References: 1

NVD
added 2023/03/31 7:15 p.m., 23 views

CVE-2023-29137

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...

CVSS 4.3 | AI score 4.8 | EPSS 0.00436
Exploits: 0 | References: 1

OSV
added 2023/03/31 7:15 p.m., 19 views

CVE-2023-29137

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...

CVSS 4.3 | AI score 7.2
Exploits: 0 | References: 1