36 matches found
CVE-2026-35057
XenForo is affected in versions prior to 2.3.10 and prior to 2.2.19. The vulnerability is a stored XSS in structured text mentions, primarily impacting legacy profile post content. An attacker can inject malicious scripts via crafted mentions that are stored and executed when other users view the...
OPENSUSE-SU-2025:15621-1 ruby3.4-rubygem-rack-2.2-2.2.19-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.19-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2025-61771
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
Allocation of Resources Without Limits or Throttling
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
DEBIAN-CVE-2025-61771
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
CVE-2025-61771
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
CVE-2025-61772 Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...
Rack 资源管理错误漏洞
Rack is a modular Ruby web server interface open-sourced by Rack. A resource management error vulnerability exists in Rack versions prior to 2.2.19, prior to 3.1.17, and prior to 3.2.2, which stems from unrestricted buffering of multipart leading code by Rack::Multipart::Parser, which can lead to...
CVE-2024-4398
The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2019-15777
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settingsemail= XSS...
WordPress plugin HTML5 Audio Player 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2024-13561)
CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS Made Simple...
CMS Made Simple <= 2.2.20 Multiple Vulnerabilities
CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmsmadesimple:cmsmadesimple...
CVE-2024-27622
A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with...
CVE-2024-27623
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection SSTI. The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs...
Cross site scripting
CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting XSS. This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field...
PT-2024-21974 · Unknown · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.19 Description: The issue is a Cross Site Scripting XSS vulnerability that resides in the File Manager module of the admin panel. It arises due to inadequate sanitization of user input in the "New directory" field...
CMS Made Simple Security Breach
CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based permission management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version...
CMS Made Simple Security Breach
CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version 2.2.1...
CVE-2024-27625
CVE-2024-27625 affects CMS Made Simple version 2.2.19 and specifically targets the File Manager module in the admin panel. The root cause is inadequate sanitization of user input in the "New directory" field, enabling cross-site scripting (XSS). The vulnerability is documented across multiple sou...