63 matches found
Jira < 8.1.1 - Cross-Site Scripting
Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter. id: CVE-2019-3402 info: name: Jira 8.1.1 - Cross-Site Scripting author: pdteam severity: medium description: | Jira before 8.1.1 contains a cross-site...
CVE-2026-3402
A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross site scripting. The attack can be executed remotely. The...
CVE-2026-3402
creationtimestamp | type | source
---|---|---
2026-03-02 03:48:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mg2dvmko2x2u...
CVE-2026-3402 PHPGurukul Student Record Management System edit-course.php cross site scripting
A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross site scripting. The attack can be executed remotely. The...
EUVD-2026-3402
esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages...
Linux Distros Unpatched Vulnerability : CVE-2021-3402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial...
CVE-2022-3402
The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's...
CVE-2025-3402
creationtimestamp | type | source
---|---|---
2025-04-08 02:45:31+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10812
2025-04-08 05:17:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmbpwo5u3z2v
2025-04-08 08:08:08+00:00 | seen |...
CVE-2025-3402 Seeyon Zhiyuan Interconnect FE Collaborative Office Platform check.js%70 sql injection
A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql injection. The attack may be initiated...
CVE-2025-3402
Vulnerability CVE-2025-3402 affects Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2. The issue arises from improper handling of the Name argument in the file /sysform/042/check.js%70, enabling SQL injection. A remote attacker could exploit this, with exploitation publicly disclo...
RHEL 9 : mod_http2 (RHSA-2024:3402)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3402 advisory. The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: CONTINUATION...
Malicious code in wlwz-2312-3402 (npm)
Source: ghsa-malware 226e8e0bff035095e6125dbe6be7e75eb5ac28130aa84dc2c17a0460f554cf99 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Atlassian Jira 8.0.0 < 8.1.1 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4 or 8.0.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers to inject arbitrary HTM...
Atlassian Jira 7.13.x < 7.13.4 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4 or 8.0.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers to inject arbitrary HTM...
CVE-2022-3402
creationtimestamp | type | source
---|---|---
2022-10-28 22:29:40+00:00 | seen | https://t.me/cibsecurity/52246...
CVE-2022-3402
CVE-2022-3402 affects the WordPress Log HTTP Requests plugin. A Stored Cross-Site Scripting (XSS) flaw exists in versions up to and including 1.3.1 due to insufficient input sanitization and output escaping in logged HTTP requests. Exploitation requires an unauthenticated user to trick an adminis...
CVE-2022-3402 Log HTTP Requests <= 1.3.1 - Stored Cross-Site Scripting
The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site's...
CVE-2021-3402
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4...
CVE-2021-3402
CVE-2021-3402 affects YARA v4.0.3 and earlier due to an integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c. This can allow a malicious Mach-O file to cause a denial of service or information disclosure. The vulnerability is fixed in libyara 4.0.4; upgrading to t...
CVE-2020-3402
Cisco CVP CVE-2020-3402 affects the Java RMI interface of the Cisco Unified Customer Voice Portal. The root cause is that certain RMI listeners are not properly authenticated, allowing an unauthenticated, remote attacker to access sensitive information on an affected device by sending a crafted r...