34 matches found
CVE-2026-2519
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...
CVE-2024-53846 ssl fails to validate incorrect extended key usage
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...
Erlang/OTP Trust Management Issue Vulnerability
Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles exceptions. The library can catch exceptions raised by the node.js built-in API. A trust management issue vulnerability exists in Erlang/OTP OTP-25.3.2.8 version, OTP-26.2 version, and OTP-27.0 version,...
PT-2024-10115
Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 25.3.2.8 through 27.0; Erlang OTP version 26.2; Erlang OTP versions prior to 27.1.3. Description: A regression in the ssl application of Erlang OTP causes a server or client to verify the peer even when incorrect extended key...
CVE-2024-51507
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name...
CVE-2024-51508
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index...
CVE-2024-51509
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" aka tiki-admin_modules.php stored XSS payload in the Name...
CVE-2024-51506
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description...
CVE-2024-51508
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index...
CVE-2024-51509
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" aka tiki-admin_modules.php stored XSS payload in the Name...
CVE-2024-51507
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name...
CVE-2024-51508
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index...
CVE-2024-51509
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" aka tiki-admin_modules.php stored XSS payload in the Name...
Tiki Security Vulnerability
Tiki is a suite of open source content management and portal applications from the Tiki community that can be used to create web applications, portals, corporate intranets, extranets, and more. A security vulnerability exists in Tiki 27.0 and earlier versions, which originates from a user with...
CVE-2024-51509
CVE-2024-51509 affects Tiki Wiki CMS Groupware up to version 27.0. Vulnerability: users with certain permissions can insert a stored XSS payload in the Name field of Modules (tiki-admin_modules.php). Impact is injection of a stored XSS payload as described in multiple sources; no explicit remedia...
CVE-2024-51506
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description...
CVE-2024-51506
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description...
CVE-2024-51506
CVE-2024-51506 affects Tiki Wiki CMS Groupware prior to 27.1. Multiple XSS vulnerabilities exist where a user with certain permissions can insert a stored XSS payload into the description of a newly created Wiki page. Publicly disclosed references from Red Hat and OpenVAS corroborate a stored XSS...
CVE-2024-51508
Affected product: Tiki Wiki CMS Groupware
CVE-2024-51507
Tiki Wiki CMS Groupware