26 matches found
CVE-2024-33571 WordPress VOD Infomaniak plugin <= 1.5.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Staff VOD Infomaniak allows Reflected XSS. This issue affects VOD Infomaniak: from n/a through 1.5.6...
CVE-2024-33571
CVE-2024-33571 is a Reflected XSS vulnerability in VOD Infomaniak (Infomaniak Staff VOD) for WordPress. The vulnerability affects VOD Infomaniak versions from n/a up to 1.5.6 and is triggered via improper input handling during web page generation. The connected Wordfence/KV data confirms the exis...
CVE-2024-33571 WordPress VOD Infomaniak plugin <= 1.5.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak. This issue affects VOD Infomaniak: from n/a through <= 1.5.6...
WordPress VOD Infomaniak Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)
Software: VOD Infomaniak; Type: Plugin; Vulnerable versions: <= 1.5.6; Fixed in: 1.5.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-33571; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Infomaniak Network; PSID: 28a7c79f4be8; Credits: Rafie Muhammad Patchstack...
[SECURITY] [DLA 3744-1] python-django security update
Debian LTS Advisory DLA-3744-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 29, 2024 https://wiki.debian.org/LTS -...
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-django20) (RHSA-2021:3490)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3490 advisory. Security Fixes: Potential directory-traversal via archive.extract CVE-2021-3281 Potential directory traversal via admindocs CVE-2021-33203...
Mageia: Security Advisory (MGASA-2021-0356)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : Red Hat OpenStack Platform 16.1 (python-django20) (RHSA-2021:5070)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5070 advisory. Security Fixes: Potential directory-traversal via archive.extract CVE-2021-3281 potential directory-traversal via uploaded files...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-django20) security update
An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Updated python-django package fixes security vulnerabilities
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability CVE-2021-28658. In Django 2.2 before 2.2.21, 3.1 before 3.1.9, an...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.24-alt1
July 13, 2021 Alexey Shabalin 2.2.24-alt1 - new version 2.2.24 - Fixes for the following security vulnerabilities: + CVE-2021-28658 Potential directory-traversal via uploaded files + CVE-2021-31542 Potential directory-traversal via uploaded files + CVE-2021-32052 Header injection possibility sinc...
Security fix for the ALT Linux 10 package python3-module-django version 2.2.24-alt1
July 13, 2021 Alexey Shabalin 2.2.24-alt1 - new version 2.2.24 - Fixes for the following security vulnerabilities: + CVE-2021-28658 Potential directory-traversal via uploaded files + CVE-2021-31542 Potential directory-traversal via uploaded files + CVE-2021-32052 Header injection possibility sinc...
[ASA-202106-41] python-django: multiple issues
Arch Linux Security Advisory ASA-202106-41 ========================================== Severity: Medium Date : 2021-06-15 CVE-ID : CVE-2021-33203 CVE-2021-33571 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2026 Summary ======= The package...
aa-structuretimers (=1.2.2), admin-tool-button (>=1.0.1a0 <=1.0.5a0) +1093 more potentially affected by CVE-2021-33571 via django (>=3.2.0 <=3.2.3)
django PYPI version =3.2.0, =1.0.1a0, =1.4.2, =5.10.1, =2022.9.19, =2.0.0, =0.0.1, =1.0.0, =1.0.6, =3.2.17.0, =1.0.0a4.dev0, =2023.1.0.dev0 and more Source cves: CVE-2021-33571 Source advisory: OSV:GHSA-P99V-5W3C-JQQ9...
alcali (>=2018.3.4 <=3000.1.0), archivebox (>=0.4.6 <=0.4.21) +216 more potentially affected by CVE-2021-33571 via django (>=3.0.0 <=3.1.11)
django PYPI version =3.0.0, =2018.3.4, =0.4.6, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.3, =0.18.0, =0.3.0, =2.8.0, =0.0.1, =0.0.32, =0.0.33 and more Source cves: CVE-2021-33571 Source advisory: OSV:GHSA-P99V-5W3C-JQQ9...
aimmo (>=0.61.9 <=0.69.10b450), ambition-edc (>=0.3.68 <=0.3.72) +65 more potentially affected by CVE-2021-33571 via django (>=2.2.0 <=2.2.22)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2021-33571 Source advisory: OSV:GHSA-P99V-5W3C-JQQ9...
Django < 2.2.24, 3.0 < 3.1.12, 3.2 < 3.2.4 Multiple Vulnerabilities - Windows
Django is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Django < 2.2.24, 3.0 < 3.1.12, 3.2 < 3.2.4 Multiple Vulnerabilities - Linux
Django is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-33571
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. validate_ipv4_address and...
aimmo (>=0.61.9 <=0.69.10b450), ambition-edc (>=0.3.68 <=0.3.72) +65 more potentially affected by CVE-2021-33571 via django (>=2.2.0 <=2.2.22)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2021-33571 Source advisory: OSV:PYSEC-2021-99...