22 matches found
CVE-2023-48649
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name...
Design/Logic Flaw
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name...
PT-2023-30868 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 8.5.13; Concrete CMS versions 9.x prior to 9.2.2. Description: The issue allows unauthorized access due to directories being created with insecure permissions. File creation functions, such as the Mkdir function,...
CVE-2023-44761
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions 8.5.13 and below, and 9.0.0 through 9.2.1, allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...
Cross site scripting
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions 8.5.13 and below, and 9.0.0 through 9.2.1, allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...
PT-2023-29285 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.13 and below; Concrete CMS versions 9.0.0 through 9.2.1. Description: Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS allow a local attacker to execute arbitrary code via a crafted script to the Forms...
SUSE CVE-2022-35957
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...
SUSE-SU-2022:3676-1 Security update for grafana
This update for grafana fixes the following issues: Updated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565): - CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596). - CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is us...
Grafana Privilege Escalation Vulnerability (GHSA-rhxj-gh46-jvw8)
Grafana is prone to a privilege escalation vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...
Grafana Privilege Escalation Vulnerability (GHSA-jv32-5578-pxjc)
Grafana is prone to a privilege escalation vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...
Grafana 8.5.0 < 8.5.13, 9.0.0 < 9.0.9, 9.1.0 < 9.1.6 Privilege Escalation Vulnerability (GHSA-p978-56hq-r492)
Grafana is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:grafana:grafana"; if...
PT-2022-23151
Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 8.5.13; Grafana versions prior to 9.0.9; Grafana versions prior to 9.1.6. Description: The issue is related to Improper Preservation of Permissions, resulting in privilege escalation on some folders where Admin is the onl...
Grafana folders admin only permission privilege escalation
Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...
CVE-2021-39122
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version...
PT-2021-11996 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.5.13; Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.5; Atlassian Jira Server and Data Center versions 8.14.0 through 8.15.1. Description: The issue allows an...
Design/Logic Flaw
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check...
Cross site request forgery (csrf)
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery CS...
Information Disclosure using JQL function membersOf - CVE-2020-36286
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists and to enumerate members of groups if they are assigned to a publicly...
Username Enumeration through the render api resource - CVE-2020-36238
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. Affected...
CSRF in the SetFeatureEnabled.jspa resource - CVE-2021-26071
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery CS...