19 matches found
CVE-2022-26980
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO...
CVE-2022-26980
CVE-2022-26980 affects Teampass 2.1.26 and is described as a reflected XSS vulnerability via the index.php PATH_INFO. The linked sources corroborate a reflected XSS issue but do not provide an official patch version or remediation in the supplied documents. Documented CVSS scores from NVD (2.0/3....
CVE-2022-26980
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO...
Teampass Cross-Site Scripting Vulnerability
TeamPass is an open source password manager from the individual developer Nils Laumaillé. A security vulnerability exists in Teampass 2.1.26, which can be exploited by an attacker via index.php PATH_INFO...
RHEL 7 : .NET Core 2.1 on Red Hat Enterprise Linux (RHSA-2021:0787)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0787 advisory. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Tautulli 2.1.26 Cross Site Scripting
Tautulli (https://tautulli.com/) is a Python-based monitoring and tracking tool for Plex Media Server. We discovered that an authenticated Plex Media Server user could change their Plex username to include JavaScript and Tautulli would fail to sanitize the username so that when the Plex Media Serve...
Default credentials
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page...
Cross-site Scripting (XSS)
Mailman is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL...
CVE-2018-0618
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0618
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0618
Removed by vendor...
JVN#00846677: Mailman vulnerable to cross-site scripting
Mailman provided by GNU Mailman contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...
Mailman Cross-Site Scripting Vulnerability
Mailman is a set of shareware developed in the Python language that allows you to manage mailing lists. Web UI is one of the web management interfaces. A cross-site scripting vulnerability exists in the Web UI of Mailman versions prior to 2.1.26. A remote attacker can exploit this vulnerability to...
CVE-2018-5950
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL...
TeamPass Passwords Management System 2.1.26 File Download
ADVISORY INFORMATION ======================================== Title: TeamPass Passwords Management System via Unauth File Download and Arbitrary File Download Application: TeamPass Passwords Management System Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected:...
TeamPass Passwords Management System 2.1.26 - Arbitrary File Download
TeamPass Passwords Management System 2.1.26 - Arbitrary File Download 1. ADVISORY INFORMATION ======================================== Title: TeamPass Passwords Management System via Unauth File Download and Arbitrary File Download Application: TeamPass Passwords Management System Class: Sensitiv...
TeamPass SQL Injection Vulnerability
TeamPass is a dedicated password manager for Apache, MySQL and PHP. A SQL injection vulnerability exists in TeamPass versions 2.1.26, 2.1.25, and 2.1.24, which stems from the program failing to properly filter user-submitted input when constructing SQL query statements. An attacker could use this...
Teampass 2.1.26 - Authenticated File Upload Vulnerability
Document Title: =============== Teampass 2.1.26 - Authenticated File Upload Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1866 Release Date: ============= 2016-07-06 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2013-4122
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140...