Element Plus Cross-Site Scripting Vulnerability
Element Plus is an open source Vue.js 3 UI library from the China Element Plus organization. A cross-site scripting vulnerability exists in Element Plus version 2.0.5, which stems from a lack of filtering and escaping of el-table-column in the application...
PYSEC-2022-190
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
UBUNTU-CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
PT-2022-13665 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.9 prior to 14.9.2; GitLab CE/EE versions 14.8 prior to 14.8.5; GitLab CE/EE versions 14.0 prior to 14.7.7. Description: A business logic error in Project Import under certain conditions caused imported projects to show a...
Citrix PVS Configuration Wizard fails after upgrading from 1912 CU5 to 2109 or higher
After updating the PVS version from PVS 1912 (any CU) to PVS 2109 or higher (including 2203 LTSR), the Citrix CVAD Wizard will fail to create any new devices. A CDF trace would show the following errors in the logs: 3453,0,2022/03/29 11:31:53:91395,8044,8652,1,PVSDllMAPIAO,,0,,1,Error,"SqlException...
WordPress Plugin admin-word-count-column 2.2 - Local File Read
Exploit Title: WordPress Plugin admin-word-count-column 2.2 - Local File Read Google Dork: inurl:/wp-content/plugins/admin-word-count-column/ Date: 27-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/admin-word-count-column/ Version: 2.2...
WordPress Admin Word Count Column plugin <= 2.2 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Hassan Khan Yusufzai (Splint3r7) in WordPress Admin Word Count Column plugin versions <= 2.2. Solution: Deactivate and delete. This plugin has been closed as of March 29, 2022 and is not available for download. This closure is temporary,...
ClassCMS Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in ClassCMS v2.5 and prior versions of ClassCMS, a simple, flexible, secure, and easily extensible content management system in China. The vulnerability stems from a lack of validation and filtering of user-supplied data and output data in the Add Articles fie...
CVE-2022-26255
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column...
CVE-2022-26255
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column...
CVE-2022-26255
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column...
Code injection
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column...
CVE-2022-26255
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column...
CVE-2022-26255
CVE-2022-26255 affects Clash for Windows v0.19.8. The issue allows arbitrary code execution via a crafted payload injected into the Proxies name column. Connected sources corroborate the impact across multiple records (Red Hat, NVD, OSV, CNNVD, PT Security) without specifying a vendor-provided pa...
CVE-2022-25582
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field...
CVE-2022-25582
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field...
CVE-2022-25582
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field...
ClassCMS Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in ClassCMS v2.5 and prior versions of ClassCMS, a simple, flexible, secure, and easily extensible content management system in China. The vulnerability stems from a lack of validation and filtering of user-supplied data and output data in the Add Articles fie...
CVE-2022-25517
MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. NOTE: the vendor's position is that the reported execution of a SQL statement was intended behavior...