74 matches found
CVE-2024-44059
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.3.1...
CVE-2025-4011
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...
DEBIAN-CVE-2025-4011
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...
CVE-2025-4011
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...
UBUNTU-CVE-2025-4011
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...
CVE-2025-4011 Redmine Custom Query cross site scripting
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...
CVE-2025-4011 Redmine Custom Query cross site scripting
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...
CVE-2025-4011
CVE-2025-4011 affects Redmine versions 6.0.0–6.0.3, where the unknown code path in the Custom Query Handler improperly handles the argument named “Name”, enabling remote Cross‑Site Scripting (XSS) . The impact is limited to client-side execution and depends on user interaction as described by the...
PT-2025-18051 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 6.0.0 through 6.0.3 Description: A vulnerability has been found in the Custom Query Handler component, affecting unknown code. The manipulation of the Name argument leads to cross-site scripting. The attack can be initiated...
Redmine 代码注入漏洞
Redmine is an open source set of open source Web-based project management and defect tracking tools from Redmine Open Source. The product provides features such as project management, issue tracking and role-based access control. A code injection vulnerability exists in Redmine versions 6.0.0,...
Malicious code in custom-query-parse-serialization (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b54841d5b21c1f37a53ed8c5230cf6d43e948115b0116890c9bc53a963e08dae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
kernel: ACPI: EC: Fix oops when removing custom query handlers
A flaw was found in the Linux kernel's ACPI Embedded Controller EC subsystem. When removing custom query handlers, a kernel oops can occur if the handler is still being executed in the EC query workqueue while the module containing the callback function is being unloaded. The fix ensures the...
CVE-2024-38794
Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0...
CVE-2024-38794 WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0...
CVE-2024-38794 WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0...
CVE-2024-38794
CVE-2024-38794: WordPress Custom Query Blocks plugin (
WordPress plugin Custom Query Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-44059
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.3.1...
CVE-2024-44059 WordPress Custom Query Blocks plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.3.1...
CVE-2024-44059 WordPress Custom Query Blocks plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.3.1...