{"vulnerability": "CVE-2025-2402", "sightings": [{"uuid": "2b61c704-e8a1-44cc-8af5-540e57abbf62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24020", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbhkcds3x2e", "content": "", "creation_timestamp": "2025-01-21T18:16:35.418956Z"}, {"uuid": "b30fd446-d40e-42ee-a598-c83cd97a75c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24024", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113867985802521990", "content": "", "creation_timestamp": "2025-01-21T19:26:16.878972Z"}, {"uuid": "c51c4dca-e050-4d3a-9303-4ac8cad88326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24024", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgboa7tngm2f", "content": "", "creation_timestamp": "2025-01-21T20:16:13.165031Z"}, {"uuid": "b1df0c19-2464-4d16-8b73-4624010c239a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24020", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgbptfxezz2y", "content": "", "creation_timestamp": "2025-01-21T20:44:51.576405Z"}, {"uuid": "525ae94b-923e-4b11-9a07-a70462a4a985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24024", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgbptggrl72e", "content": "", "creation_timestamp": "2025-01-21T20:44:53.633243Z"}, {"uuid": "85be689e-eac8-45fa-a183-70f17b9a06c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24024", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgbpthmm7h2k", "content": "", "creation_timestamp": "2025-01-21T20:44:58.999614Z"}, {"uuid": "f254142d-9034-40ec-8a5b-7a368cf0d4fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24024", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113868311042121884", "content": "", "creation_timestamp": "2025-01-21T20:49:00.866360Z"}, {"uuid": "fa720f90-db03-402b-8d5d-1ede55194334", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24029", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113942086561998142", "content": "", "creation_timestamp": "2025-02-03T21:31:04.659850Z"}, {"uuid": "7135534c-b339-4485-b769-86cc6dfc12d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24029", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhckyj5t2b2i", "content": "", "creation_timestamp": "2025-02-03T22:16:04.448583Z"}, {"uuid": "232f2562-8464-4e58-b92f-052376111fe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24027", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdoaz4klo2n", "content": "", "creation_timestamp": "2025-01-22T15:21:58.972945Z"}, {"uuid": "cb60642d-e544-4b73-807b-bb2743bb253b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2402", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3llnruhrno32t", "content": "", "creation_timestamp": "2025-03-31T06:59:08.666827Z"}, {"uuid": "b8e53600-148d-4f05-9e0a-0f9143fd669c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24029", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhcxybzd6i2e", "content": "", "creation_timestamp": "2025-02-04T02:08:37.164133Z"}, {"uuid": "6b8f0daa-e644-42e3-89ff-2c2f8d0df989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24024", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lgdprwe7ak2k", "content": "", "creation_timestamp": "2025-01-22T15:49:20.302157Z"}, {"uuid": "e5e9365d-fd88-41a7-a05f-5480e63cd1e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24027", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgdpsqzcrd2k", "content": "", "creation_timestamp": "2025-01-22T15:49:55.148624Z"}, {"uuid": "406c6534-175b-449b-8424-242c45e4eac8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24028", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113964969320102674", "content": "", "creation_timestamp": "2025-02-07T22:30:27.945254Z"}, {"uuid": "e2389285-4367-4fe0-8a3b-7b2a4115d5b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24028", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhmq6sivhs2i", "content": "", "creation_timestamp": "2025-02-07T23:15:41.879840Z"}, {"uuid": "b9b8e9f9-c226-4ced-960f-093c4f0b6930", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24023", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljim7ifhw62o", "content": "", "creation_timestamp": "2025-03-03T18:44:17.433549Z"}, {"uuid": "ef38cf6d-eb56-43eb-a605-adb9890627ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24022", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp5gqanayt2o", "content": "", "creation_timestamp": "2025-05-14T16:38:09.489461Z"}, {"uuid": "45184670-d128-4da8-8b92-cdb193400227", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-2402", "type": "seen", "source": "https://www.knime.com/security/advisories#CVE-2026-4649", "content": "", "creation_timestamp": "2026-03-25T03:00:10.000000Z"}, {"uuid": "7b6a01e4-5fb3-4630-81b7-59f1c60fba4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24028", "type": "seen", "source": "https://t.me/cvedetector/17530", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24028 - Joplin Rich Text Editor Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24028 \nPublished : Feb. 7, 2025, 11:15 p.m. | 2\u00a0hours, 19\u00a0minutes ago \nDescription : Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the toplevel Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users that open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-08T03:12:09.000000Z"}, {"uuid": "7c0d62f2-d82c-49ee-94e9-704ea2b42358", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24020", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2430", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24020\n\ud83d\udd39 Description: WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.\n\ud83d\udccf Published: 2025-01-21T17:51:16.698Z\n\ud83d\udccf Modified: 2025-01-21T17:51:16.698Z\n\ud83d\udd17 References:\n1. https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-27g8-5q48-xmw6\n2. https://github.com/LabRedesCefetRJ/WeGIA/commit/89d98bf074cebf6c4ed95fca6f64e325c0b1d2f0\n3. https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.11", "creation_timestamp": "2025-01-21T18:00:40.000000Z"}, {"uuid": "4e279e7f-3ddb-4a2a-851b-e3bf9d356a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24025", "type": "seen", "source": "https://t.me/cvedetector/16312", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24025 - Coolify Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-24025 \nPublished : Jan. 24, 2025, 5:15 p.m. | 44\u00a0minutes ago \nDescription : Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site scripting. Version 4.0.0-beta.380 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T19:25:41.000000Z"}, {"uuid": "361204aa-a008-4af6-92b0-230bad92b3ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2402", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9593", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2402\n\ud83d\udd25 CVSS Score: 8.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber)\n\ud83d\udd39 Description: A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. \n\n\n\nThere are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: \n\n\n\n  *  1.13.2 or later \n\n\n\n\n\n\n  *  1.12.3 or later \n\n\n\n\n\n\n  *  1.11.3 or later \n\n\n\n\n\n\n  *  1.10.3 or later\n\ud83d\udccf Published: 2025-03-31T06:11:39.805Z\n\ud83d\udccf Modified: 2025-03-31T06:11:39.805Z\n\ud83d\udd17 References:\n1. https://www.knime.com/security/advisories#CVE-2025-2402", "creation_timestamp": "2025-03-31T06:30:59.000000Z"}, {"uuid": "f11bf4fa-235a-44c4-9855-7cad460f477a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24025", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2942", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24025\n\ud83d\udd39 Description: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site scripting. Version 4.0.0-beta.380 fixes the issue.\n\ud83d\udccf Published: 2025-01-24T16:46:04.276Z\n\ud83d\udccf Modified: 2025-01-24T16:46:04.276Z\n\ud83d\udd17 References:\n1. https://github.com/coollabsio/coolify/security/advisories/GHSA-f2gf-jvmh-vq73", "creation_timestamp": "2025-01-24T17:04:56.000000Z"}, {"uuid": "a1162b1f-a761-456d-aed3-2fe1ca9f3924", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24020", "type": "seen", "source": "Telegram/sKUMLDmYXnDHve4JmLEBLdtZC_gEIW0RhqFPh5p2kR9HY5P1", "content": "", "creation_timestamp": "2025-02-14T10:09:22.000000Z"}, {"uuid": "bebda209-1d88-41bf-8625-77da609947cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2402", "type": "seen", "source": "https://t.me/cvedetector/21565", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2402 - Minio Hardcoded Password Remote Authentication Bypass and Data Manipulation Vulnerability in KNIME Business Hub\", \n  \"Content\": \"CVE ID : CVE-2025-2402 \nPublished : March 31, 2025, 7:15 a.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly.   \n  \n  \n  \nThere are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub:   \n  \n  \n  \n  *  1.13.2 or later   \n  \n  \n  \n  \n  \n  \n  *  1.12.3 or later   \n  \n  \n  \n  \n  \n  \n  *  1.11.3 or later   \n  \n  \n  \n  \n  \n  \n  *  1.10.3 or later \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T10:49:40.000000Z"}, {"uuid": "386a0c1a-86c5-4b73-8d05-7b5ab8f72de6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24024", "type": "seen", "source": "https://t.me/cvedetector/16007", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24024 - Matrix Mjolnir Unrestricted Command Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24024 \nPublished : Jan. 21, 2025, 8:15 p.m. | 38\u00a0minutes ago \nDescription : Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature that introduced the bug, and version 1.9.2 reintroduces the feature safely. Downgrading to version 1.8.3 is recommended if upgrading to 1.9.1 or higher isn't possible. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T21:59:43.000000Z"}, {"uuid": "b2111441-c661-4748-a0ca-1e02846e4995", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24020", "type": "seen", "source": "https://t.me/cvedetector/15986", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24020 - WeGIA Open Redirect Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24020 \nPublished : Jan. 21, 2025, 6:15 p.m. | 37\u00a0minutes ago \nDescription : WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T20:19:08.000000Z"}, {"uuid": "2d29cf86-558b-493f-a4df-1c5cd65fb876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24029", "type": "seen", "source": "https://t.me/cvedetector/17124", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24029 - Tuleap Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24029 \nPublished : Feb. 3, 2025, 10:15 p.m. | 23\u00a0minutes ago \nDescription : Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-03T23:40:46.000000Z"}, {"uuid": "72de33b9-b4b6-4004-806d-49f561747af3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24027", "type": "seen", "source": "https://t.me/cvedetector/16092", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24027 - PrestaShop ps_contactinfo XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24027 \nPublished : Jan. 22, 2025, 3:15 p.m. | 44\u00a0minutes ago \nDescription : ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example, if the shop has a third party module vulnerable to SQL injections, then ps_contactinfo might execute a stored cross-site scripting in formatting objects. Commit d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39 keeps formatted addresses from displaying a XSS stored in the database, and the fix is expected to be available in version 3.3.3. No workarounds are available aside from applying the fix and keeping all modules maintained and update. \nSeverity: 6.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T17:13:26.000000Z"}, {"uuid": "34f0ae44-cbbe-4518-990c-eafb70daafa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24029", "type": "seen", "source": "Telegram/UBzudAiNZ1NbMtR_p5MNAz2pYLFzYuMQVLTCupit3IdUWeS2", "content": "", "creation_timestamp": "2025-02-06T02:40:20.000000Z"}]}