CVE-2024-23569
HCL Aftermarket EPC is vulnerable to attack since the server is not configured with “X-XSS-Protection" header
CVSS
4.3
Medio
EPSS
—
KEV
—
Exploit Today
0
0-100
Publicado: 17 jul 2026 · Última mod.: 17 jul 2026 · CWE-692
Sin historial EPSS suficiente todavía.
HCL Aftermarket EPC is vulnerable to attack since the server is not configured with “X-XSS-Protection" header
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-152954.4 MED8.8%
——3The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.3dCVE-2024-422145.3 MED—
——0HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the Web server which allows an attacker to narrow and intensify their efforts.5h