CVE-2024-29806
published 2024-03-27CVE-2024-29806: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows…
PriorityP423medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.37%
29.0th percentile
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge | — | — |
| reservation_diary | redi_restaurant_reservation | n/a – 24.0128 | — |
| reservationdiary | redi_restaurant_reservation | <= 24.0128 | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_msrc6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7ccw-86xw-4rp5: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation al
ghsa_unreviewed·2024-03-27
CVE-2024-29806 [HIGH] CWE-79 GHSA-7ccw-86xw-4rp5: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation al
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
vendor_msrc·2025-03-11·CVSS 6.5
CVE-2025-29806 [MEDIUM] CWE-843 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Description: No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
FAQ: What is the version information for this release?
Microsoft Edge Channel
Microsoft Edge Version
Based on Chromium Version
Date Released
Stable
129.0.2792.52
129.0.6668.58/.59
9/19/2024
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?
Successful exploitation
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-reflected-cross-site-scripting-xss-vulnerability?_s_id=cvehttps://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
2024-03-27
Published