18 matches found
EUVD-2021-1222
Malware in sbrugna...
CVE-2023-23634
SQL Injection vulnerability in Documize version 5.4.2 allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint...
CVE-2019-19619
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS...
CVE-2023-23634
SQL Injection vulnerability in Documize version 5.4.2 allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint...
CVE-2023-23634
SQL Injection vulnerability in Documize version 5.4.2 allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint...
SQL injection
SQL Injection vulnerability in Documize version 5.4.2 allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint...
CVE-2023-23634
CVE-2023-23634 affects Documize 5.4.2. A SQL injection vulnerability in the /api/dashboard/activity endpoint allows remote attackers to execute arbitrary code via the user parameter, with high impact (C, I, A all High) and CVSS 3.1 score 9.8. Affected component: the /api/dashboard/activity reques...
Documize Security Breach
Documize is an open source document collaboration system built on Golang and EmberJS. A security vulnerability exists in Documize version 5.4.2, which stems from an SQL injection vulnerability. The vulnerability allows remote attackers to execute arbitrary code via user parameters in the...
CVE-2023-23634
SQL Injection vulnerability in Documize version 5.4.2 allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint...
PT-2023-19094 · Documize · Documize
Name of the Vulnerable Software and Affected Versions: Documize version 5.4.2 Description: The issue allows remote attackers to execute arbitrary code via the user parameter of the "/api/dashboard/activity" endpoint. This enables attackers to potentially gain unauthorized access and control over...
Cross-site Scripting in Documize
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS...
GHSA-WMWP-PGGC-H4MJ Cross-site Scripting in Documize
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS...
Documize Cross-Site Scripting Vulnerability
Documize is an open source document collaboration system built on Golang and EmberJS. A cross-site scripting vulnerability exists in the domain/section/markdown/markdown.go file in Documize versions prior to 3.5.1. The vulnerability stems from the lack of proper validation of client-side data by...
CVE-2019-19619
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS...
CVE-2019-19619
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS...
Design/Logic Flaw
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS...
CVE-2019-19619
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS...
CVE-2019-19619
Documize prior to 3.5.1 mishandled untrusted Markdown in domain/section/markdown/markdown.go, enabling potential XSS. The issue was mitigated by adding bluemonday HTML sanitizer; remediation involves upgrading to Documize 3.5.1+ (or applying equivalent sanitization). References across NVD, Red Ha...