MINI-892G-M768-2972
Bulletin has no description...
CVE-2026-2972
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. T...
CVE-2026-2972 a466350665 Smart-SSO Role Edit UserController.java save cross site scripting
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. T...
MiracleLinux 8 : php:7.4 (AXSA:2022-2972:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2972:01 advisory. php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069); php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo...
EUVD-2026-2972
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...
MiracleLinux 7 : patch-2.7.1-10.el7 (AXSA:2018-2972:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2972:01 advisory. patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156). Tenable has extracted the preceding description block directly from the...
CVE-2024-2972
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac...
Amazon Linux 2 : gstreamer-plugins-bad-free (ALAS-2025-2972)
The version of gstreamer-plugins-bad-free installed on the remote host is prior to 0.10.23-42. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2972 advisory. Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE:...
CVE-2023-2972
Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3...
CVE-2025-2972
A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. Affected by this issue is some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
CVE-2025-2972
creationtimestamp | type | source
---|---|---
2025-03-31 03:30:19+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/9586
2025-03-31 07:28:44+00:00 | seen | https://t.me/cvedetector/21541...
CVE-2025-2972
The CVE-2025-2972 entry is marked with a CNA-rejected note in the Initial document, but connected records describe a ConcreteCMS-specific XSS issue: manipulation of the Title argument in the Page Attribute Display Block Handler can lead to cross-site scripting, affecting ConcreteCMS up to version...
CVE-2025-2972 ConcreteCMS Page Attribute Display Block cross site scripting
A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. Affected by this issue is some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...
Linux Distros Unpatched Vulnerability : CVE-2014-2972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted...
Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries
Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial...
RHEL 5 : exim (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - exim: out-of-bounds access in string_interpret_escape leading to buffer overflow in the SMTP delivery proce...
CVE-2024-2972 Floating Chat Widget < 3.1.9 - Editor+ Stored XSS
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac...
WordPress Chaty Plugin < 3.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: Chaty; Type: Plugin; Vulnerable versions: 3.1.9; Fixed in: 3.1.9; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-2972; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: de00cfe54026; Credits: Dmitrii Ignatyev; Required privilege...