721 matches found
Cross site scripting
A Stored Cross-Site Scripting XSS vulnerability was discovered in ProjectGeneral/editprojectsettings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title apptitle field when editing an existing project. The payload i...
CVE-2022-24127
A Stored Cross-Site Scripting XSS vulnerability was discovered in ProjectGeneral/editprojectsettings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title apptitle field when editing an existing project. The payload i...
Improper access control
A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application...
Arbitrary Code Injection
convert-svg-core is vulnerable to arbitrary code injection. The vulnerability exists because the library does not properly remove the malicious attributes from the SVG element before being rendered, allowing an attacker to read files from the file system and show the file content as a PNG file by...
Code injection via SVG file in convert-svg-core
The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...
CVE-2022-24429
The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...
Code injection
The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...
CVE-2022-24429 Arbitrary Code Injection
The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...
Arbitrary Code Injection
Overview convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then...
Arbitrary Code Injection
gatsby-plugin-mdx is vulnerable to arbitrary code injection. The vulnerability exists because the gatsby-plugin-mdx allows JS engine for frontmatter by default due to untrusted inputs which allows an attacker to inject arbitrary codes...
Arbitrary Code Injection
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
Zoo-Management-System Cross-Site Scripting Vulnerability
Zoo Management System 1.0 contains a cross-site scripting vulnerability. The source of the vulnerability, admin/manage-ticket.php, has a problem with input value handling, which can be exploited to inject arbitrary HTML and script code into the website...
Arbitrary Code Injection
smarty/smarty is vulnerable to arbitrary code injection. The vulnerability exists due to incorrect logic in block name and include file name assignments in setting buffer for template function which allows an attacker to inject and execute malicious code...
Arbitrary Code Injection
publifycore is vulnerable to arbitrary code injection. The vulnerability exists in htmlpostprocess in feedback.rb because the application doesn't filter the user comments which allows an attacker to inject html codes in the database...
Arbitrary Code Injection
Overview typo3/cms is a free open source Content Management Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the File Abstraction Layer FAL when renaming a file, by using unspecified characters in the file extension. Note: This is only exploitable if the...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the file upload functionality. An attacker can execute arbitrary code by uploading a file with a crafted extension and then accessing it through unspecified vectors. Remediation Upgrade in2code/powermail to...
GHSA-4W6C-3HCX-RFJ5 MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3...
GHSA-X53V-V9XP-GF6G MantisBT XSS via move_attachments_page.php
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
Arbitrary Code Injection
Overview typo3/cms is a free open source Content Management Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the Color Picker Wizard component. Remediation Upgrade typo3/cms to version 6.1.9, 6.0.14, 4.7.19, 4.5.34 or higher. References - OpenSuse Securi...