171 matches found
CVE-2024-57026
TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) due to processing user input in a way that allows JavaScript execution...
CVE-2024-57026
The CVE-2024-57026 entry concerns the TawkTo Widget, affected versions prior to or equal to 1.3.7, which are vulnerable to Cross Site Scripting (XSS) due to how user input is processed. This is the stated root cause and impact across connected sources (e.g., Red Hat, CVE listings, and PT Security...
SUSE SLES12 Security Update : libtasn1 (SUSE-SU-2025:0512-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0512-1 advisory. - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete...
Advisory ROSA-SA-2025-2655
Software: webkit4 2.44.1 OS: ROSA-CHROME packageevrstring: webkit4-2.44.1-1 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a post-release exploit error. Exploitation of the...
Advisory ROSA-SA-2025-2572
software: squid 5.10 OS: ROSA-CHROME packageevrstring: squid-5.10-1 CVE-ID: CVE-2024-45802 BDU-ID: 2024-08860 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to input processing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cau...
CVE-2024-40747
Various module chromes didn't properly process inputs, leading to XSS vectors...
CVE-2024-40747 [20250101] - Core - XSS vectors in module chromes
Various module chromes didn't properly process inputs, leading to XSS vectors...
CVE-2024-40747
CVE-2024-40747 affects Joomla! core module chromes, where inputs are not properly processed, enabling cross-site scripting (XSS). The vulnerability is described across multiple feeds as applying to module chromes and is categorized with CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, base score 6....
PT-2025-2597 · Google · Google Chrome
Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified Description: The issue arises from various module chromes not properly processing inputs, which leads to XSS vectors. This allows for potential cross-site scripting attacks. Recommendations: At th...
AZL-54434 CVE-2024-45338 affecting package kube-vip-cloud-provider for versions less than 0.0.10-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
ROS-20241015-16
A vulnerability in the Networking component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect authorization. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity ...
CVE-2024-34577
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web...
CVE-2024-42412
Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser...
CVE-2024-40743
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors...
CVE-2024-40743
CVE-2024-40743 affects Joomla core Outputfilter::stripImages and Outputfilter::stripIframes: inputs are not properly processed, enabling XSS vectors. Root cause is improper handling in stripImages/stripIframes; impact is XSS exposure as described in multiple sources (e.g., BIT-JOOMLA-2024-40743, ...
PT-2024-29022 · Joomla +2 · Joomla! +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from the stripImages and stripIframes methods not properly processing inputs, which leads to XSS vectors. There is no information...