13 matches found
CVE-2026-29172
Craft Commerce (Craft CMS) is affected by a SQL Injection in the purchasables table sorting. Prior to versions 4.10.2 and 5.5.3, the sort parameter is split by | and the first part (column name) is used directly as an array key in orderBy() without whitelist validation, allowing an authenticated ...
CVE-2024-29172
Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service...
CVE-2023-29172
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions...
CVE-2023-29172
CVE-2023-29172 affects the WordPress PropertyHive plugin (versions ≤ 1.5.46). It describes unauthenticated Reflected XSS via the merge_ids parameter. Public reports (NVD, Red Hat/Wordfence, Patchstack) confirm the vulnerability and note that a fix exists in version 1.5.47. The impact is cross-sit...
CVE-2023-29172 WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions...
WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS)
Software: PropertyHive; Type: Plugin; Vulnerable versions: <= 1.5.46; Fixed in: 1.5.47; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29172; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 1f09421dbd25; Credits: minhtuanact; Requir...
@apim/auth0-lock-redux (>=1.0.0 <=1.0.2), @brudi-toolbox/id (>=1.4.5-next.1 <=2.0.4-next.2) +38 more potentially affected by CVE-2022-29172 via auth0-lock (>=10.14.0 <=11.31.0)
auth0-lock NPM version =10.14.0, =1.0.0, =1.4.5-next.1, =2.2.0, =1.0.0, =0.1.0, =0.3.0, =0.0.1, =1.0.0, =0.1.0, =0.5.3, =0.1.13, =1.0.0, =0.0.1, =0.0.5 - auth0-react-sample =1.0.0 and more Source cves: CVE-2022-29172 Source advisory: OSV:GHSA-7WW6-75FJ-JCJ7...
CVE-2022-29172 HTML injection with additional signup fields
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...
CVE-2022-29172 HTML injection with additional signup fields
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...
CVE-2022-29172
Auth0 Lock (auth0-lock) vulnerability CVE-2022-29172 affects versions before 11.33.0 where the “additional signup fields” feature allows HTML injection into the fields, storing invalid HTML in the user metadata payload (name property). This can cause a crafted link to render HTML in the recipient...
CVE-2020-29172
creationtimestamp | type | source
---|---|---
2020-12-26 07:26:39+00:00 | seen | https://t.me/cibsecurity/21320...
CVE-2020-29172
A cross-site scripting XSS vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting...
CVE-2020-29172
CVE-2020-29172 is a cross-site scripting vulnerability in the WordPress LiteSpeed Cache plugin prior to 3.6.1. The issue arises because the Toolbox Admin IPs/Server IP setting does not sanitize input, enabling injection of script payloads via the IP field. Some sources (WPVulnDB/OpenVAS explainer...