13 matches found
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
CVE-2025-31043
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through = 3.5.7...
CVE-2025-31043
creationtimestamp| type| source ---|---|--- 2025-03-31 06:31:09+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9602 2025-03-31 09:09:09+00:00| seen| https://t.me/cvedetector/21550...
CVE-2025-31043
CVE-2025-31043 : JetSearch (WordPress plugin) has a DOM-based cross-site scripting (XSS) vulnerability in the JetSearch component due to improper input handling during web page generation. Affected: JetSearch versions up to 3.5.7 (requires authenticated access at Contributor+ level). Impact: stor...
CVE-2025-31043 WordPress JetSearch plugin <= 3.5.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound JetSearch allows DOM-Based XSS. This issue affects JetSearch: from n/a through 3.5.7...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 stores unredacted passwords in logs when optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, despite redaction being configured via edb_filter_log.redact_password_commands. Affected versions and fixed targets are: 10.x bef...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
Debian DSA-5246-1 : mediawiki - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5246 advisory. - An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite...
Mageia: Security Advisory (MGASA-2022-0338)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Drupal 9.2.x < 9.2.21 / 9.3.x < 9.3.16 Drupal Multiple Vulnerabilities (SA-CORE-2022-011)
According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.21, 9.3.x prior to 9.3.16 or 9.4.x prior to 9.4.0-rc2. It is, therefore, affected by multiple vulnerabilities. - Guzzle is an open source PHP HTTP client. In affected versions the...
CVE-2022-31043 Fix failure to strip Authorization header on HTTP downgrade in Guzzle
Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...
CVE-2021-31043
...
CVE-2021-31043
CVE-2021-31043 is rejected/not used per the initial description.