1285 matches found
CVE-2024-38859
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 EOL allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by...
CVE-2024-38859 XSS in view page with SLA column
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 EOL allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by...
PT-2024-28240 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p14 Checkmk versions prior to 2.2.0p33 Checkmk versions prior to 2.1.0p47 Checkmk version 2.0.0 Description: The issue allows malicious users to execute arbitrary scripts by injecting HTML elements into the SLA...
CVE-2023-6987
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
WordPress plugin String locator security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15161 · WordPress · String Locator Plugin
Name of the Vulnerable Software and Affected Versions: String locator plugin for WordPress versions up to, and including, 2.6.5 Description: The issue is related to Reflected Cross-Site Scripting via the sql-column parameter due to insufficient input sanitization and output escaping. This allows...
Django SQL injection vulnerability
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
PYSEC-2024-70
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
CVE-2024-42005
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
UBUNTU-CVE-2024-42005
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
CVE-2024-41804
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to obtain and modify arbitrary data from the Xibo database by injecting specially...
CVE-2024-41804
CVE-2024-41804 affects Xibo CMS (DataSet Column Formulas API). An SQL injection vulnerability is exploitable by an authenticated user via the formula parameter, enabling access to and modification of arbitrary data in the Xibo database. Remediation: upgrade to Xibo versions 3.3.12 or 4.0.14, which f...
PT-2024-29571 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 3.3.12 Xibo versions prior to 4.0.14 Description: A SQL injection issue was discovered in the API route responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to obtain and modify...
Malicious code in two-column-image-text-grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 816a60cffab8a3e09e7bdd3135a8d8fdb6bca092a94ec723a64d7aecd057d471 The OpenSSF Package Analysis project identified 'two-column-image-text-grid' @ 69.69.69 npm as malicious. It is considered malicious because: -...
MAL-2024-7695 Malicious code in two-column-image-text-grid (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 816a60cffab8a3e09e7bdd3135a8d8fdb6bca092a94ec723a64d7aecd057d471 The OpenSSF Package Analysis project identified 'two-column-image-text-grid' @ 69.69.69 npm as malicious. It is considered malicious because: -...
SUSE CVE-2024-32229
FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column...
UBUNTU-CVE-2024-32229
FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column...