13 matches found
CVE-2024-23821
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
GeoServer < 2.23.4 Path Traversal
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.4. It is, therefore, affected by a Path Traversal. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
CVE-2024-23819
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23819 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
CVE-2024-23819 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...
PT-2024-13006 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.23.4 and prior. Description: A path traversal vulnerability requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin...
GeoServer Security Vulnerability
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective authentication of uploaded files. An...
CVE-2024-0657
The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'iljsettingsfieldlinksperpage' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes i...
PT-2024-15724 · WordPress · The Internal Link Juicer: Seo Auto Linker
Name of the Vulnerable Software and Affected Versions: The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress versions up to, and including, 2.23.4. Description: The issue is related to Stored Cross-Site Scripting via admin settings, such as ilj settings field links per page,...
CVE-2021-46420
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information...
CVE-2008-2105
emailin.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE...
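Mozilla Bugzilla HTML Injection and Information Disclosure Vulnerabilities
Bugzilla is a web-based bug tracking system used by many software projects. Several functional modules of Mozilla Bugzilla contain implementation flaws that remote attackers may exploit to gain unauthorized access to users' machines or obtain sensitive information. Bugzilla does not properly escape some of the fields generated in Atom feeds; if the feed reader supports JavaScript and correctly implements the Atom feed specification, this can lead to cross-site scripting execution...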