PT-2026-48683

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initial person info, $session entry url, and $current url were...

PT-2023-31143 · Unknown · Uptime Kuma

Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.23.7 Description: The Google Analytics element in Uptime Kuma is vulnerable to Attribute Injection, leading to Cross-Site-Scripting XSS attacks. This occurs because the custom status interface can set an...

PT-2021-4147

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions prior to the fixed version Description The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit...