NotCVE - vendor:"Icon" product:"Icon" version:" >= 0.0.0.0 <= 1.0.0.10"

3 results (0.002 seconds)

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-42352 – Server-Side Request Forgery (SSRF) in nuxt-icon

https://notcve.org/view.php?id=CVE-2024-42352

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. • https://github.com/nuxt/icon/security/advisories/GHSA-cxgv-px37-4mp2 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-30445 – WordPress Web Icons plugin <= 1.0.0.10 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-30445

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en GhozyLab, Inc. Web Icons permite XSS almacenado. Este problema afecta a Web Icons: desde n/a hasta 1.0.0.10. • https://patchstack.com/database/vulnerability/icon/wordpress-web-icons-plugin-1-0-0-10-cross-site-scripting-xss-vulnerability-2?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-29933 – WordPress Web Icons plugin <= 1.0.0.10 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-29933

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en GhozyLab, Inc. Web Icons permite almacenar XSS. Este problema afecta a Web Icons: desde n/a hasta 1.0.0.10. • https://patchstack.com/database/vulnerability/icon/wordpress-web-icons-plugin-1-0-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •