Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-12251

In Progress® Telerik® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.

Published

2025-02-12T15:15:12.370

Last Modified

2025-03-28T18:33:37.333

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-77
Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	telerik	ui_for_winui	< 3.0.0	Yes

References

https://docs.telerik.com/devtools/winui/security/kb-security-command-injection-cve-2024-12251 Vendor Advisory ([email protected])