
14 matches found

OSV
added 2025/06/16 2:55 a.m., 0 views

USN-7569-1 dojo vulnerabilities

It was discovered that Dojo did not correctly handle DataGrids. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-15494 It was discovered that Dojo was vulnerable to prototype pollution. An attacker could...

CVSS 9.8 | AI score 7 | EPSS 0.01995
Exploits: 4 | References: 5

Patchstack
added 2024/10/23 12:0 a.m., 2 views

Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Unauthenticated Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7,7.x-3.0...

CVSS 8.8 | AI score 7 | EPSS 0.00155
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/23 12:0 a.m., 3 views

Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution RCE vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7,7.x-3.0...

CVSS 8.8 | AI score 7.5 | EPSS 0.0089
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/23 12:0 a.m., 2 views

Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7,7.x-3.0...

CVSS 7.7 | AI score 7 | EPSS 0.00305
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/23 12:0 a.m., 2 views

Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Unauthenticated XML External Entity (XXE) vulnerability

Unauthenticated XML External Entity XXE vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7,7.x-3.0...

CVSS 8.8 | AI score 7.1 | EPSS 0.02992
Exploits: 4 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/23 12:0 a.m., 3 views

Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7,7.x-3.0...

CVSS 7.1 | AI score 6.1 | EPSS 0.01275
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/23 12:0 a.m., 2 views

Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Authenticated Content Injection vulnerability

Authenticated Content Injection vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7,7.x-3.0...

CVSS 5.4 | AI score 7.2 | EPSS 0.00333
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/23 12:0 a.m., 3 views

Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Unauthenticated Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7,7.x-3.0...

CVSS 7.5 | AI score 7 | EPSS 0.71632
Exploits: 1 | References: 1 | Affected Software: 1

Drupal
added 2024/10/23 12:0 a.m., 15 views

Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054

This module provides serialization formats for use by other modules. The module includes a version of phpoffice/phpspreadsheet which has multiple known security vulnerabilities...

AI score 6.8
Exploits: 0 | References: 8

Patchstack
added 2024/10/23 12:0 a.m., 2 views

Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7,7.x-3.0...

CVSS 5.4 | AI score 6.1 | EPSS 0.01057
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/23 12:0 a.m., 2 views

Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Authenticated Multiple Vulnerabilities

Authenticated Multiple Vulnerabilities discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7, 7.x-3.0...

AI score 7
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/03/15 2:40 p.m., 8 views

CVE-2022-24752 SQL Injection through sorting parameters in SyliusGridBundle

SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate t...

CVSS 9.8 | AI score 9.2 | EPSS 0.00558
Exploits: 0 | References: 7

OSV
added 2021/10/13 4:32 p.m., 2 views

DRUPAL-CONTRIB-2021-043

This module enables aklump/loft_data_grids to be used as a Drupal module. Excel support was provided by , which is abandoned and there are known security vulnerabilities: CVE-2018-19277: PHPOffice/PhpSpreadsheet771. Excel support has since been replaced with the newer library. This module provide...

AI score 6.9
Exploits: 0 | References: 1

Drupal
added 2021/10/13 12:0 a.m., 7 views

Loft Data Grids - Moderately critical - XML External Entity (XXE) Processing - SA-CONTRIB-2021-043

This module enables aklump/loft_data_grids to be used as a Drupal module. Excel support was provided by https://packagist.org/packages/phpoffice/phpexcel, which is abandoned and there are known security vulnerabilities: CVE-2018-19277: PHPOffice/PhpSpreadsheet771. Excel support has since been...

CVSS 8.8 | AI score 6.7 | EPSS 0.02992
Exploits: 4 | References: 9