silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session...
6.1AI Score
Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter
A cross-site scripting vulnerability in VersionedRequestFilter has been found. If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested...
6.3AI Score
Silverstripe Brute force bypass on default admin
Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and...
7.2AI Score
Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers
In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant....
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS.....
7.1AI Score
(RHSA-2024:2877) Important: OpenShift Container Platform 4.13.42 packages and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the container...
7.4AI Score
0.0005EPSS
(RHSA-2024:2875) Important: OpenShift Container Platform 4.13.42 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the RPM...
6.8AI Score
0.037EPSS
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
When a secure token parameter is provided to a SilverStripe site (such as isDev or flush) an empty token parameter can be provided in order to bypass normal authentication parameters. For instance, http://www.mysite.com/?isDev=1&isDevtoken will force a site to dev mode. Alternatively, "flush"...
7.2AI Score
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
When a secure token parameter is provided to a SilverStripe site (such as isDev or flush) an empty token parameter can be provided in order to bypass normal authentication parameters. For instance, http://www.mysite.com/?isDev=1&isDevtoken will force a site to dev mode. Alternatively, "flush"...
7.2AI Score
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_iframe_url_as_param_direct’ parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
6.1AI Score
Silverstripe External redirection risk in Security?ReturnURL
A vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site. For example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page...
7AI Score
Silverstripe External redirection risk in Security?ReturnURL
A vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site. For example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page...
7AI Score
urlaub.sylt-sothebysrealty.com Cross Site Scripting vulnerability OBB-3930056
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
edeis.com Cross Site Scripting vulnerability OBB-3930057
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
buvettegastrotheque.com Cross Site Scripting vulnerability OBB-3930054
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
budgettraveltalk.com Cross Site Scripting vulnerability OBB-3930053
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
groupespro.com Cross Site Scripting vulnerability OBB-3930052
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dulhemiyan.com Cross Site Scripting vulnerability OBB-3930050
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dutchdesignersoutlet.com Cross Site Scripting vulnerability OBB-3930051
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Silverstripe X-Forwarded-Host request hostname injection
A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...
7.3AI Score
Silverstripe X-Forwarded-Host request hostname injection
A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...
7.3AI Score
syfpeithi.com Cross Site Scripting vulnerability OBB-3930045
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
laurierduvallon.com Cross Site Scripting vulnerability OBB-3930047
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
palocok.com Cross Site Scripting vulnerability OBB-3930049
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
neatanswers.com Cross Site Scripting vulnerability OBB-3930048
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
signaturecontractors.com Cross Site Scripting vulnerability OBB-3930046
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
keanmiller.com Cross Site Scripting vulnerability OBB-3930043
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
pinkpearlwriting.com Cross Site Scripting vulnerability OBB-3930041
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
richandthompson.com Cross Site Scripting vulnerability OBB-3930042
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
artonicweb.com Cross Site Scripting vulnerability OBB-3930044
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
giibi.com Cross Site Scripting vulnerability OBB-3930038
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
nipro-group.com Cross Site Scripting vulnerability OBB-3930039
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
meinvite.com Cross Site Scripting vulnerability OBB-3930037
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
sola-resort.com Cross Site Scripting vulnerability OBB-3930036
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.3AI Score
0.0004EPSS
CVE-2024-4365 Advanced iFrame <= 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_iframe_url_as_param_direct’ parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
7.7AI Score
0.001EPSS
7.5AI Score
7.2AI Score
0.0004EPSS
CVE-2024-24579 vulnerabilities
Vulnerabilities for packages: syft, kubescape, wolfictl, k9s, zarf,...
9.8AI Score
0.001EPSS
6.6AI Score
0.001EPSS
7.7AI Score
0.002EPSS
7.5AI Score
7.2AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
7.5AI Score
7.5AI Score
7.5AI Score
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: apko, tkn, aactl, flux-source-controller, falco, slsa-verifier, melange, wolfictl, kubescape, spire-server, goreleaser, gitsign, tekton-chains, falcoctl, policy-controller, zot, ko, zarf,...
7.5AI Score
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: dagger, tkn, crossplane, kaniko, aactl, telegraf, datadog-agent, buf, kargo, docker-compose, grype, ctop, melange, cadvisor, trivy, syft, kubescape, wolfictl, spire-server, goreleaser, up, prometheus, buildkitd, zot, ko, conftest,...
7.5AI Score