CVE-2024-2349

The Fancy Elementor Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Elementor Flipbox widget in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Publication date: Thu, 02 May 2024 16:52:00 +0000

Cyber News related to CVE-2024-2349

CVE-2022-49979 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
10 months ago Feeds.dzone.com

Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov

CVE-2024-2349 - The Fancy Elementor Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Elementor Flipbox widget in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it ...
1 year ago

CVE-2025-21812 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago

Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov

CVE-2012-2349 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5104. Reason: This candidate is a reservation duplicate of CVE-2010-5104. Notes: All CVE users should reference CVE-2010-5104 instead of this candidate. All references and ...
55 years ago Tenable.com

CVE-2002-2349 - phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. ...
16 years ago

CVE-2010-2349 - H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information. ...
15 years ago

CVE-2014-2349 - Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges. ...
11 years ago

CVE-2015-2349 - Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in SuperWebMailer 5.60.0.01190 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTMLForm parameter. ...
9 years ago

CVE-2004-2349 - Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries. ...
8 years ago

CVE-2016-2349 - Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. ...
8 years ago

CVE-2007-2349 - Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. The vendor has addressed this issue with the ...
8 years ago

CVE-2008-2349 - Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1. ...
7 years ago

CVE-2006-2349 - E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, ...
6 years ago

CVE-2013-2349 - Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896. ...
5 years ago

CVE-2017-2349 - A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks ...
5 years ago

CVE-2005-2349 - Zoo 2.10 has Directory traversal ...
5 years ago

CVE-2011-2349 - Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection. ...
5 years ago

CVE-2023-2349 - A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It ...
1 year ago

CVE-2018-2349 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com

CVE-2019-2349 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none ...
1 year ago

CVE-2022-2349 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. ...
1 year ago

CVE-2025-2349 - A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to ...
4 months ago