In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.Referenceshttps://docs.telerik.com/reporting/knowledge-base/command-injection-cve-2024-7840
