16 matches found
CVE-2022-31138
mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute...
CVE-2023-31138
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...
CVE-2025-31138
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...
CVE-2025-31138

creationtimestamp | type | source
---|---|---
2025-04-07 18:45:02+00:00 | seen | https://t.me/cvedetector/22334
2025-08-09 17:25:38+00:00 | seen | MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea
2025-09-10 07:00:40+00:00 | seen | MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea...

CVE-2025-31138
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...
CVE-2025-31138 tarteaucitron.js allows UI manipulation via unrestricted CSS injection
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...
CVE-2024-31138
In JetBrains TeamCity before 2024.03, XSS was possible via Agent Distribution settings...
CVE-2023-31138
CVE-2023-31138 affects DHIS2 Core: starting in the 2.36 branch and before 2.37.9.1, 2.38.3.1, or 2.39.1.2, authenticated users with write access to an object may modify related objects via object model traversal in a PATCH payload. Mitigation is to upgrade to a supported version: 2.37.9.1, 2.38.3...
CVE-2023-31138 DHIS2 Core vulnerable to Improper Access Control with PATCH requests
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...
CVE-2022-31138 OS Command Injection in mailcow
mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute...
CVE-2022-31138
CVE-2022-31138 affects mailcow-dockerized prior to version 2022-06a, where an extended privilege vulnerability allows code execution via user-controlled imapsync parameters such as regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd...
CVE-2022-31138 OS Command Injection in mailcow
mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute...
CVE-2022-31138 OS Command Injection in mailcow
mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute...
CVE-2022-31138

creationtimestamp | type | source
---|---|---
2022-07-11 07:05:49+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/2676
2022-07-11 18:21:54+00:00 | seen | https://t.me/cibsecurity/45932
2022-07-12 11:00:26+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/6380...

CVE-2021-31138
...
CVE-2021-31138
CVE-2021-31138 is rejected and not used; it does not represent an active vulnerability entry.