In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
https://docs.telerik.com/devtools/wpf/knowledge-base/command-injection-cve-2024-7575
Source: Mitre, NVD
Published: 2024-09-25
Updated: 2024-10-03
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H