1285 matches found
The vulnerabilities of the alter.c and build.c components of the SQLite database management system allow a hacker to rename any columns in the table.
The vulnerability of the alter.c and build.c components of the SQLite database management system exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to rename any columns in the table at will...
CVE-2020-2266
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
Cross site scripting
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2266
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
PT-2020-15491 · Jenkins · Jenkins Description Column Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Description Column Plugin versions 1.3 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the job description in the column tooltip is not properly escaped. Attackers wit...
CVE-2020-25253
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter...
Hyland OnBase SQL Injection Vulnerability (CNVD-2020-52045)
Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase suffers from a SQL injection vulnerability. The vulnerability can be exploited by an attacker to conduct a SQL injection attack via the TableName, ColumnName, Name, UserId, or Passwor...
Object Injection
laravel/framework is vulnerable to object injection. The vulnerability exists when the $guarded property is used on models, as a nested expression in a JSON column can bypass the guarded condition...
Cross-site Scripting (XSS)
Overview: cabot is a self-hosted, easily-deployable monitoring and alerts service, like a lightweight PagerDuty. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an...
CVE-2020-24941
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions...
CVE-2020-24941
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions...
Code injection
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions...
CVE-2020-24941
The CVE-2020-24941 vulnerability affects Laravel framework prior to 6.18.35 and 7.x prior to 7.24.0, where the $guarded property is mishandled in certain requests with JSON column nesting expressions. The issue’s root cause is a mishandling of guarded on models when nested JSON expressions are in...
CVE-2020-24941
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions...
PT-2020-15864 · Taylor Otwell · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 6.18.35; Laravel versions 7.x prior to 7.24.0. Description: An issue was discovered in Laravel where the $guarded property is mishandled in certain situations involving requests with JSON column nesting expressions...
The vulnerability of the components column.title and cellLinkTooltip in the Grafana data visualization web tool allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the column.title and cellLinkTooltip components of the Grafana data visualization web tool is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting (XSS) attacks remotely...
grafana: XSS via column.title or cellLinkTooltip
A flaw was found in grafana. An XSS is possible in table-panel via column.title or cellLinkTooltip...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting (XSS). The vulnerability exists as it improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers...
CVE-2020-2219
Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability...
Cross site scripting
Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability...