Lucene search
+L

4 matches found

vulnrichment
vulnrichment
added 2026/04/21 4:19 p.m.4 views

CVE-2026-29179 October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...

3.3CVSS5.8AI score0.00144EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/04/12 12:0 a.m.9 views

PT-2023-22203 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.9-rc-1 Description: The issue arises from the lack of checks on the author of a JavaScript xobject or StyleSheet xobject added to a XWiki document. This allowed a user with only Edit Right to create such an object a...

9CVSS5.2AI score0.00942EPSS
Exploits1References11
huntr
huntr
added 2021/08/13 1:6 p.m.19 views

Server-Side Request Forgery (SSRF) in bookstackapp/bookstack

✍️ Description User with "Editor" rights can create a special book page containing tag with "src" property pointing to any external or internal resource. Exporting this page using default domPdf will result in firing request from server side. 🕵️‍♂️ Proof of Concept Updating page with malicious...

4CVSS0.1AI score0.008EPSS
Exploits1
osv
osv
added 2018/12/13 7:29 p.m.1 views

UBUNTU-CVE-2018-19039

Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions...

6.5CVSS7AI score0.0728EPSS
Exploits0References3
Rows per page
Query Builder