18 matches found
CVE-2021-47925
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...
EUVD-2021-34787
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...
CVE-2021-47925
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...
CVE-2021-47925
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...
CVE-2021-47925 CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...
CVE-2021-47925
CMDBuild 3.3.2 is affected by multiple stored cross-site scripting (XSS) vulnerabilities. The issue involves authenticated attackers injecting arbitrary web script or HTML via crafted input in card creation and file upload endpoints. XSS payloads can be injected through Employee card parameters o...
CVE-2021-47925 CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...
PT-2026-39501
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...
CMDBuild 跨站脚本漏洞
CMDBuild is an open-source web-based enterprise environment for configuring custom applications for asset management. Version 3.3.2 of CMDBuild contains a cross-site scripting vulnerability. This vulnerability stems from multiple stored-cross-site scripting vulnerabilities, allowing authenticated...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snddevmcardnew sndcardymfpciremove was removed in commit c6e6bb5eab74 "ALSA: ymfpci: Allocate resources with device-managed APIs", but the call to sndcardnew was not replaced with...
CVE-2026-31701
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a reference on it. The card's privatefree callback, sndusbcaiaqcardfree, ca...
CVE-2026-31701 ALSA: caiaq: take a reference on the USB device in create_card()
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a reference on it. The card's privatefree callback, sndusbcaiaqcardfree, ca...
PT-2026-36331
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The caiaq driver in the ALSA subsystem stores a pointer to the parent USB device in cdev-chip.dev without taking a reference to it. This leads to a use-after-free scenario where the snd...
SUSE CVE-2023-54308
In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snddevmcardnew sndcardymfpciremove was removed in commit c6e6bb5eab74 "ALSA: ymfpci: Allocate resources with device-managed APIs", but the call to sndcardnew was not replaced with...
CVE-2023-54308 ALSA: ymfpci: Create card with device-managed snd_devm_card_new()
In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Create card with device-managed snddevmcardnew sndcardymfpciremove was removed in commit c6e6bb5eab74 "ALSA: ymfpci: Allocate resources with device-managed APIs", but the call to sndcardnew was not replaced with...
Library Management System SQL Injection Vulnerability
Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A SQL injection vulnerability exists in Library Management System version 2.0, which stems from the presence of SQL injection...
kernel: ALSA: ymfpci: Create card with device-managed snd_devm_card_new()
A flaw was found in the Linux kernel's ALSA ymfpci sound driver. During a previous refactoring commit that removed sndcardymfpciremove, the sndcardnew call was not updated to snddevmcardnew. This omission means sndcardfree is never called during module unload, leading to a kernel oops when...
Unfixed XSS vulnerability at www.albatoul.net
Security researcher S0m.ph, has submitted on 29/10/2007 a cross-site-scripting XSS vulnerability affecting www.albatoul.net, which at the time of submission ranked 118912 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/11/2007. It is current...