CVE-2024-47379
published 2024-10-05CVE-2024-47379: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows…
PriorityP426high7.1CVSS 3.1
AVNACLPRNUIRSCCLILAL
EPSS
0.29%
20.9th percentile
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through <= 1.7.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 0 < 4.15.0-239.251 | 4.15.0-239.251 |
| shamalli | web_directory_free | <= 1.7.3 | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
osv7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2025-07-08·CVSS 7.8
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- ACPI drivers;
- NILFS2 file system;
- File systems infrastructure;
- Memory management;
- Network traffic control;
- USB sound devices;
(CVE-2025-37932, CVE-2024-53197, CVE-2024-50116, CVE-2021-47379,
CVE-2024-49958, CVE-2022-49179, CVE-2024-46787, CVE-2024-41070,
CVE-2025-38000, CVE-2024-56662, CVE-2022-49176, CVE-2025-37798)
OSV
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
osv·2025-07-08·CVSS 7.8
CVE-2025-37932 linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- ACPI drivers;
- NILFS2 file system;
- File systems infrastructure;
- Memory management;
- Network traffic control;
- USB sound devices;
(CVE-2025-37932, CVE-2024-53197, CVE-2024-50116, CVE-2021-47379,
CVE-2024-49958, CVE-2022-49179, CVE-2024-46787, CVE-2024-41070,
CVE-2025-38000, CVE-2024-56662, CVE-2022-49176, CVE-2025-37798)
GHSA
GHSA-xhr5-q8cq-g8ch: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sale php scripts Web Directory Free allow
ghsa_unreviewed·2024-10-05
CVE-2024-47379 [HIGH] CWE-79 GHSA-xhr5-q8cq-g8ch: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sale php scripts Web Directory Free allow
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sale php scripts Web Directory Free allows Reflected XSS.This issue affects Web Directory Free: from n/a through 1.7.3.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-05
Published