Github Security Blog
added 2024/05/20 8:26 p.m.

verbb/formie Server-Side Template Injection for variable-enabled settings

Impact Users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This is listed as low-medium severity due to...

CVSS 4.4 | AI score 7.2 | EPSS 0.00255
Exploits 0 | References 4 | Affected software 1
OSV
added 2024/05/20 8:26 p.m.

GHSA-V45M-HXQP-FWF5 verbb/formie Server-Side Template Injection for variable-enabled settings

Impact Users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This is listed as low-medium severity due to...

CVSS 4.4 | AI score 4.6 | EPSS 0.00255
Exploits 0 | References 4
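The two Formie entries above describe one issue: settings such as the Submission Title and Success Message accept Twig, so anyone who can edit a form's settings can run Twig when a submission is created or the text is rendered. The standard containment for admin-editable template strings is Twig's sandbox extension with an allowlist policy. The block below is an added example written for this page, not Formie's or Craft CMS's code, and it does not reproduce any payload from the advisory. It assumes twig/twig 3.x installed through Composer; the function name renderSetting, the policy contents and the submission data are constructed for illustration.

```php
<?php
// Added example, not Formie's or Craft CMS's code: render an admin-editable
// Twig string (a "Submission Title" style setting) inside a Twig sandbox so
// that only an allowlisted set of tags, filters and functions can run.
// Assumes twig/twig 3.x is installed via Composer (vendor/autoload.php).
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Error\Error as TwigError;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Allowlist policy (constructed for this example). Anything not listed here,
// including every method and property on objects, raises a SecurityError.
$policy = new SecurityPolicy(
    ['if', 'for'],                        // allowed tags
    ['escape', 'upper', 'lower', 'date'], // allowed filters; 'escape' is what autoescaping applies
    [],                                   // allowed methods, keyed by class name
    [],                                   // allowed properties, keyed by class name
    []                                    // allowed functions
);

$twig = new Environment(new ArrayLoader());
// The second argument sandboxes every template, not only {% sandbox %} blocks.
$twig->addExtension(new SandboxExtension($policy, true));

/**
 * Compiles and renders a user-controlled template string against a fixed
 * variable set. Disallowed constructs come back as a "rejected" message
 * instead of executing. (Hypothetical helper name.)
 */
function renderSetting(Environment $twig, string $source, array $vars): string
{
    try {
        // The sandbox's security check runs when the compiled template is
        // instantiated, so a disallowed construct is refused before output.
        return $twig->createTemplate($source)->render($vars);
    } catch (SecurityError $e) {
        return 'rejected by sandbox: ' . $e->getMessage();
    } catch (TwigError $e) {
        return 'rejected (template error): ' . $e->getMessage();
    }
}

// Constructed submission data for illustration.
$vars = ['submission' => ['id' => 42, 'name' => 'Alice']];

// Intended use of the setting: interpolating submission fields.
echo renderSetting($twig, 'Submission #{{ submission.id }} from {{ submission.name|upper }}', $vars), PHP_EOL;

// Hostile use: a core function and a core filter that the policy does not
// allow. This stands in for any Twig an editor could add that reaches beyond
// plain interpolation; the sandbox refuses it rather than running it.
echo renderSetting($twig, '{{ range(1, 3)|join(",") }}', $vars), PHP_EOL;
```

Run it with `php sandbox.php` from the project directory. The first render succeeds; the second is turned away with a SecurityError naming the disallowed filter or function. A sandbox is containment, not a substitute for the access boundary the advisory is about: the setting should still be editable only by roles trusted to author templates.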
OSV
added 2024/05/06 4:15 p.m.

CVE-2024-34090

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release...

CVSS 5.4 | AI score 5.6
Exploits 0 | References 2
CVE
added 2024/05/06 12:00 a.m.

CVE-2024-34090

CVE-2024-34090 affects Archer Platform 6 prior to 2024.04. The vulnerability is a stored cross-site scripting (XSS) flaw in the Archer Control Panel (ACP) login banner, where content was not properly escaped. This could allow an attacker with access to the ACP to inject and render malicious scrip...

CVSS 7.3 | AI score 5.6 | EPSS 0.00423
Exploits 0 | References 2 | Affected software 1
OSV
added 2024/03/25 7:46 p.m.

GHSA-Q7G6-XFH2-VHPX phpMyFAQ stored Cross-site Scripting at user email

Summary: The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript...

CVSS 5.5 | AI score 5.9 | EPSS 0.00691
Exploits 1 | References 5
NVD
added 2024/03/25 7:15 p.m.

CVE-2024-27300

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates the email format, not...

CVSS 5.5 | AI score 5.6 | EPSS 0.00691
Exploits 1 | References 3
Vulnrichment
added 2024/03/25 6:30 p.m.

CVE-2024-27300 phpMyFAQ Stored XSS at user email

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates the email format, not...

CVSS 5.5 | AI score 6.3 | EPSS 0.00691
Exploits 1 | References 3
CNNVD
added 2024/03/25 12:00 a.m.

phpMyFAQ security vulnerability

phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions (FAQ) system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ, which stems from the email field in the phpMyFAQ User Control Panel page being vulnerable to a stored cross-site scripti...

CVSS 5.5 | AI score 4.6 | EPSS 0.00691
Exploits 1 | References 4
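The four phpMyFAQ entries above make one point: FILTER_VALIDATE_EMAIL checks shape, not content, because RFC 5322 permits a quoted local part in which characters such as < and > are legal. The block below is an added example written for this page, not phpMyFAQ's code. It runs one constructed address through PHP's validator, shows the unescaped rendering pattern beside the encoded one, and adds an optional application-level policy that refuses quoted local parts; that policy is this example's assumption, not something PHP or phpMyFAQ does. The function names are invented for illustration, and str_contains needs PHP 8.0 or later.

```php
<?php
// Added example, not phpMyFAQ's code: a value that passes FILTER_VALIDATE_EMAIL
// can still carry HTML, so output encoding, not the format check, is what
// prevents stored XSS. Requires PHP 8.0+ (str_contains).
declare(strict_types=1);

// Constructed input. RFC 5322 allows a quoted local part, and PHP's validator
// follows that grammar, so characters such as < > / ( ) are accepted between
// the double quotes.
$email = '"<script>alert(1)</script>"@example.com';

// Format validation only: answers "is this shaped like an address?" and
// says nothing about what the characters are. (Hypothetical helper name.)
function isValidEmailFormat(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Vulnerable pattern: the stored address is echoed into the profile page
// as-is because it "already passed validation" when it was saved.
function renderUnsafe(string $email): string
{
    return '<td class="email">' . $email . '</td>';
}

// Hardened pattern: the same value, encoded for the HTML element context.
// Validation decides what is stored; encoding decides how it is displayed.
function renderSafe(string $email): string
{
    return '<td class="email">'
        . htmlspecialchars($email, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</td>';
}

// Optional defence in depth, an application policy assumed by this example:
// refuse quoted local parts outright, since ordinary users do not need them.
// This narrows what is stored; it does not replace renderSafe().
function isAcceptedByPolicy(string $email): bool
{
    return isValidEmailFormat($email) && !str_contains($email, '"');
}

var_dump(isValidEmailFormat($email));
var_dump(isAcceptedByPolicy($email));
echo renderUnsafe($email), PHP_EOL;
echo renderSafe($email), PHP_EOL;
```

filter_var returns the constructed address unchanged, so a page that echoes it raw emits a live script element, while renderSafe emits the same characters as entities and the browser shows them as text. The generalisation is the one the advisories rely on: input validation chooses what to keep, output encoding for the HTML context is what stops XSS, and the second step must not be skipped because the first one succeeded.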
Kaspersky
added 2024/03/20 12:00 a.m.

KLA65243 PE vulnerability in Microsoft Apps

An elevation of privilege vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2024-28916. Exploitation: malware exists for this vulnerability. Usually such malware is classified as Exploit. More details. Related...

CVSS 8.8 | AI score 9 | EPSS 0.00652
Exploits 0 | References 4
Kaspersky
added 2024/03/12 12:00 a.m.

KLA65129 Multiple vulnerabilities in Microsoft Apps

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Skype for Consumer can be...

CVSS 8.8 | AI score 8.6 | EPSS 0.02618
Exploits 0 | References 7
CNVD
added 2024/03/01 12:00 a.m.

Huawei HarmonyOS and EMUI suffer from denial of service vulnerabilities (CNVD-2024-31076)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...

CVSS 6.3 | AI score 6.6 | EPSS 0.00217
Exploits 0 | References 1
Snyk
added 2024/02/20 9:30 a.m.

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Control Panel. An attacker can obtain sensitive user information by enumerating user screen names and accessing the page's title. Remediation: Upgrade...

CVSS 5.3 | AI score 6.6 | EPSS 0.00439
Exploits 0 | References 2
Github Security Blog
added 2024/02/20 9:30 a.m.

Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...

CVSS 4.3 | AI score 4.1 | EPSS 0.00439
Exploits 0 | References 9 | Affected software 2
Snyk
added 2024/02/20 9:30 a.m.

Insertion of Sensitive Information Into Sent Data

Overview: com.liferay.portal:com.liferay.portal.impl is a package that is part of Liferay. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Control Panel. An attacker can obtain sensitive user information by enumerating user screen names and...

CVSS 5.3 | AI score 6.6 | EPSS 0.00439
Exploits 0 | References 2
OSV
added 2024/02/20 9:30 a.m.

GHSA-4585-28V2-8H46 Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...

CVSS 4.3 | AI score 6.6 | EPSS 0.00439
Exploits 0 | References 9
OSV
added 2024/02/20 9:15 a.m.

CVE-2024-25604

Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...

CVSS 6.5 | AI score 5.8 | EPSS 0.00415
Exploits 0 | References 1
Prion
added 2024/02/20 9:15 a.m.

Design/Logic Flaw

Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...

CVSS 4 | AI score 6.8 | EPSS 0.00415
Exploits 0 | References 1
Cvelist
added 2024/02/20 8:40 a.m.

CVE-2024-25604

Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...

CVSS 6.5 | AI score 6.4 | EPSS 0.00415
Exploits 0 | References 1
Vulnrichment
added 2024/02/20 8:40 a.m.

CVE-2024-25604

Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...

CVSS 6.5 | AI score 6.6 | EPSS 0.00415
Exploits 0 | References 1
CVE
added 2024/02/20 8:40 a.m.

CVE-2024-25604

CVE-2024-25604 affects Liferay Portal 7.2.0–7.4.3.4 and Liferay DXP 7.4.13, 7.3 before SP3, 7.2 before FP17 (and older unsupported versions), where the system does not properly enforce permissions. Specifically, remote authenticated users with the VIEW permission can edit their own permissions vi...

CVSS 6.5 | AI score 6.2 | EPSS 0.00415
Exploits 0 | References 1 | Affected software 2