Lucene search
K

74 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:33 a.m.9 views

CVE-2024-44059

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.3.1...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/30 8:37 a.m.15 views

CVE-2025-4011

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...

5.1CVSS6.3AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2025/04/28 9:15 a.m.1 views

DEBIAN-CVE-2025-4011

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...

5.1CVSS3.1AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2025/04/28 9:15 a.m.6 views

CVE-2025-4011

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...

3.5CVSS6.3AI score
Exploits0References6
OSV
OSV
added 2025/04/28 9:15 a.m.3 views

UBUNTU-CVE-2025-4011

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...

5.1CVSS3.9AI score0.0028EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/04/28 8:0 a.m.10 views

CVE-2025-4011 Redmine Custom Query cross site scripting

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...

5.1CVSS3.8AI score0.0028EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/04/28 8:0 a.m.24 views

CVE-2025-4011 Redmine Custom Query cross site scripting

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...

5.1CVSS0.0028EPSS
Exploits0References6
CVE
CVE
added 2025/04/28 8:0 a.m.73 views

CVE-2025-4011

CVE-2025-4011 affects Redmine versions 6.0.0–6.0.3, where the unknown code path in the Custom Query Handler improperly handles the argument named “Name”, enabling remote Cross‑Site Scripting (XSS) . The impact is limited to client-side execution and depends on user interaction as described by the...

5.1CVSS3.8AI score0.0028EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/28 12:0 a.m.6 views

PT-2025-18051 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions 6.0.0 through 6.0.3 Description: A vulnerability has been found in the Custom Query Handler component, affecting unknown code. The manipulation of the Name argument leads to cross-site scripting. The attack can be initiated...

5.1CVSS3.5AI score0.0028EPSS
Exploits0References16
CNNVD
CNNVD
added 2025/04/28 12:0 a.m.2 views

Redmine 代码注入漏洞

Redmine is an open source set of open source Web-based project management and defect tracking tools from Redmine Open Source. The product provides features such as project management, issue tracking and role-based access control. A code injection vulnerability exists in Redmine versions 6.0.0,...

5.1CVSS4.6AI score0.0028EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/03 9:1 a.m.4 views

Malicious code in custom-query-parse-serialization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b54841d5b21c1f37a53ed8c5230cf6d43e948115b0116890c9bc53a963e08dae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.5 views

kernel: ACPI: EC: Fix oops when removing custom query handlers

A flaw was found in the Linux kernel's ACPI Embedded Controller EC subsystem. When removing custom query handlers, a kernel oops can occur if the handler is still being executed in the EC query workqueue while the module containing the callback function is being unloaded. The fix ensures the...

5.8AI score0.00177EPSS
Exploits0References5
NVD
NVD
added 2024/11/01 3:15 p.m.24 views

CVE-2024-38794

Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0...

5.3CVSS0.00385EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/01 2:17 p.m.27 views

CVE-2024-38794 WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0...

5.3CVSS0.00385EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/01 2:17 p.m.8 views

CVE-2024-38794 WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0...

5.3CVSS6.9AI score0.00385EPSS
Exploits0References1
CVE
CVE
added 2024/11/01 2:17 p.m.44 views

CVE-2024-38794

CVE-2024-38794: WordPress Custom Query Blocks plugin (

5.3CVSS5.3AI score0.00385EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.4 views

WordPress plugin Custom Query Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.6AI score0.00385EPSS
Exploits0References1
NVD
NVD
added 2024/09/15 9:15 a.m.35 views

CVE-2024-44059

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.3.1...

6.5CVSS0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/15 8:10 a.m.20 views

CVE-2024-44059 WordPress Custom Query Blocks plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.3.1...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/15 8:10 a.m.40 views

CVE-2024-44059 WordPress Custom Query Blocks plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.3.1...

6.5CVSS0.00248EPSS
Exploits0References1
Rows per page
Query Builder