Lucene search

1285 matches found

GithubExploit
added 2021/10/31 8:29 a.m., 1174 views

Exploit for Cross-site Scripting in Jamovi

CVE-2021-28079 - POC Jamovi =1.6.18 is affected by a cros...

6.1 CVSS, 6.6 AI score, 0.0123 EPSS
Exploits: 2
WPVulnDB
added 2021/10/25 12:0 a.m., 13 views

EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Create a new EDTB and put the following payload in the Table Name, Column Name or...

1.5 AI score, 0.00588 EPSS
Exploits: 2, Affected Software: 1
CNNVD
added 2021/10/05 12:0 a.m., 1 views

Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

5.4 CVSS, 5.3 AI score, 0.00641 EPSS
Exploits: 0, References: 5
CNNVD
added 2021/09/09 12:0 a.m., 5 views

FUEL CMS SQL Injection Vulnerability

FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. FUEL CMS in version 1.5.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameter col in the software's /FUEL/index.php/FUEL/logs/items for externally-inputted SQL...

9.8 CVSS, 6.1 AI score, 0.01557 EPSS
Exploits: 1, References: 4
Prion
added 2021/09/01 9:15 p.m., 8 views

Cross site scripting

GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a...

4.3 CVSS, 5.8 AI score, 0.00973 EPSS
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2021/08/19 12:44 p.m., 10 views

SUSE-SU-2021:2777-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations bsc1185924. - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists bsc1185925. - Don't u...

8.8 CVSS, 7.5 AI score, 0.02046 EPSS
Exploits: 0, References: 9
OSV
added 2021/08/08 6:15 a.m., 2 views

CVE-2021-38190

An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count...

9.8 CVSS, 7.3 AI score, 0.01411 EPSS
Exploits: 1, References: 2
NVD
added 2021/08/08 6:15 a.m., 17 views

CVE-2021-38190

An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count...

9.8 CVSS, 0.01411 EPSS
Exploits: 1, References: 2
Prion
added 2021/08/08 6:15 a.m., 11 views

Design/Logic Flaw

An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count...

7.5 CVSS, 9.3 AI score, 0.01411 EPSS
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2021/08/03 10:15 p.m., 0 views

CVE-2020-19305

An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges...

9.8 CVSS, 7.3 AI score, 0.02101 EPSS
Exploits: 1, References: 2
OSV
added 2021/07/30 2:15 p.m., 2 views

CVE-2021-35479

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page...

5.4 CVSS, 5.8 AI score, 0.76624 EPSS
Exploits: 2, References: 3
NVD
added 2021/07/30 2:15 p.m., 14 views

CVE-2021-35479

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page...

5.4 CVSS, 0.13151 EPSS
Exploits: 1, References: 3
Prion
added 2021/07/30 2:15 p.m., 10 views

Cross site scripting

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page...

3.5 CVSS, 5.2 AI score, 0.76624 EPSS
Exploits: 2, References: 3, Affected Software: 1
ATTACKERKB
added 2021/07/30 12:0 a.m., 51 views

CVE-2021-35479

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page. Recent assessments: NinjaOperator at July 23, 2021 9:42pm UTC reported:...

3.5 CVSS, 0.7 AI score, 0.76624 EPSS
Exploits: 2, References: 4
CVE
added 2021/07/27 11:47 a.m., 69 views

CVE-2021-35479

CVE-2021-35479 affects Nagios Log Server prior to version 2.1.9, where a Stored XSS vulnerability exists in the custom column view of the alert history and audit log via the affected pp parameter. Exploitation is described as requiring a crafted link or a third‑party webpage to trigger the vulner...

5.4 CVSS, 5.1 AI score, 0.13151 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2021/07/27 11:47 a.m., 17 views

CVE-2021-35479

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page...

5.4 AI score, 0.13151 EPSS
Exploits: 1, References: 3
NVD
added 2021/07/12 8:15 p.m., 14 views

CVE-2021-24365

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of...

5.4 CVSS, 0.00932 EPSS
Exploits: 4, References: 2
OSV
added 2021/07/12 8:15 p.m., 26 views

CVE-2021-24365

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of...

5.4 CVSS, 6.6 AI score
Exploits: 0, References: 2
CVE
added 2021/07/12 7:20 p.m., 186 views

CVE-2021-24365

The CVE-2021-24365 entry concerns the Admin Columns WordPress plugin (Free < 4.3.2; Pro

5.4 CVSS, 5.3 AI score, 0.00932 EPSS
Exploits: 4, References: 2, Affected Software: 1
ArchLinux
added 2021/07/03 12:0 a.m., 167 views

[ASA-202107-11] python-django: insufficient validation

Arch Linux Security Advisory ASA-202107-11. Severity: High; Date: 2021-07-03; CVE-ID: CVE-2021-35042; Package: python-django; Type: insufficient validation; Remote: Yes; Link: https://security.archlinux.org/AVG-2123. Summary: The package python-djan...

9.8 CVSS, 1.2 AI score, 0.44369 EPSS
Exploits: 1, References: 4