16 matches found
CVE-2024-39311
Publify is a self-hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the publify_core rubygem, a publisher on a Publify application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect...
EUVD-2023-39311
Malicious code in bioql PyPI...
CVE-2024-39311
creationtimestamp | type | source
---|---|---
2025-03-28 17:45:33+00:00 | seen | https://t.me/cvedetector/21451...
CVE-2024-39311
Publify CVE-2024-39311 is a publicly documented XSS vulnerability in older Publify Rails apps. Before Publify 10.0.1 (and before publify_core 10.0.2), a publisher could trigger an administrator XSS via the redirect feature, requiring the admin to click a malicious link. Impact described includes ...
CVE-2024-39311 Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Publify is a self-hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the publify_core rubygem, a publisher on a Publify application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect...
CVE-2024-39311 Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Publify is a self-hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the publify_core rubygem, a publisher on a Publify application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect...
CVE-2023-39311
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through 3.11.1...
CVE-2023-39311
CVE-2023-39311 is a CSRF vulnerability in the WordPress plugin Fusion Builder (Fusion Builder). Affected versions are Fusion Builder
WordPress Fusion Builder Plugin <= 3.11.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Fusion Builder
Type: Plugin
Vulnerable versions: <= 3.11.1
Fixed in: 3.11.2
OWASP Top 10: A1: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2023-39311
Patch priority: Low
CVSS severity: Low 7.1
PSID: 970dca7b1596
Credits: Rafie Muhammad...
CVE-2022-39311
creationtimestamp | type | source
---|---|---
2022-10-15 00:29:20+00:00 | seen | https://t.me/cibsecurity/51511...
CVE-2022-39311 Compromised agents may be able to execute remote code on GoCD Server
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...
CVE-2022-39311
CVE-2022-39311 affects GoCD (continuous delivery server). The vulnerability lies in the Spring RemoteInvocation endpoint, which exposed agent communication and allowed deserialization of arbitrary Java objects, enabling remote code execution on the server. Exploitation requires agent-level authen...
CVE-2021-39311
creationtimestamp | type | source
---|---|---
2021-12-14 18:15:18+00:00 | seen | https://t.me/cibsecurity/33932...
CVE-2021-39311
The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the /llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-39311 link-list-manager <= 1.0 Reflected Cross-Site Scripting
The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the /llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-39311
CVE-2021-39311 affects the WordPress plugin Link List Manager (versions up to 1.0). The vulnerability is a Reflected Cross-Site Scripting via the category parameter in the llm.php script, caused by lack of input validation/filtering. Impact as per sources: attacker could inject client-side sc...