CVE-2023-1070 External Control of File Name or Path in nilsteampassnet/teampass
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...
CVE-2023-1070
CVE-2023-1070 affects TeamPass (nilsteampassnet/teampass) prior to version 3.0.0.22. The issue is described as External Control of File Name or Path, enabling an attacker to delete arbitrary files through manipulation of file names/paths. The root cause is a vulnerability in how file names/paths ...
CVE-2023-1067 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Cross-site Scripting XSS - Stored in GitHub repository pimcore/pimcore prior to 10.5.18...
CVE-2023-1034
Path Traversal: '..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9...
Path traversal
Path Traversal: '..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9...
CVE-2023-1033
CVE-2023-1033 describes a Cross-Site Request Forgery (CSRF) vulnerability in froxlor/froxlor prior to version 2.0.11. The affected software is Froxlor (web-based server management) with the issue in its handling of authenticated requests. The practical impact cited in connected documents is that ...
CVE-2023-1034 Path Traversal: '\..\filename' in salesagility/suitecrm
Path Traversal: '..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9...
CVE-2023-0995
Cross-site Scripting XSS - Stored in GitHub repository unilogies/bumsys prior to v2.0.1...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository unilogies/bumsys prior to v2.0.1...
CVE-2023-0994
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2...
CVE-2023-0995 Cross-site Scripting (XSS) - Stored in unilogies/bumsys
Cross-site Scripting XSS - Stored in GitHub repository unilogies/bumsys prior to v2.0.1...
CVE-2023-0995
CVE-2023-0995 is a stored XSS in unilogies/bumsys prior to v2.0.1. Affected component(s): the web app handling user input stored and later displayed. Exploitability is evidenced by a PoC showing a payload in a POST to customer-support flow, triggering test. Remediation: upgrade to version 2.0.1 o...
CVE-2023-0994 Exposure of Sensitive Information to an Unauthorized Actor in francoisjacquet/rosariosis
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2...
From Spring Native to Spring Boot 3
Today, we are finishing the transition of the Spring support for building native executables from the experimental Spring Native project to the official Spring Boot GraalVM native image support. In practice, that means we are archiving the Spring Native GitHub repository and moving it to the...
GHSA-MGMM-CMHJ-2H5F modoboa Cross-site Scripting vulnerability
Cross-site Scripting XSS - Reflected in GitHub repository modoboa/modoboa prior to 2.0.45...
PYSEC-2023-33
Cross-site Scripting XSS - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5...
CVE-2023-0947 Path Traversal in flatpressblog/flatpress
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3...
CVE-2023-0947
CVE-2023-0947: Path Traversal vulnerability in FlatPress (flatpressblog/flatpress) prior to version 1.3. The issue allows unauthenticated attackers to traverse directories and access sensitive files in the FP-content area due to improper path validation. Affected: FlatPress prior to 1.3. Impact ...
CVE-2023-0949 Cross-site Scripting (XSS) - Reflected in modoboa/modoboa
Cross-site Scripting XSS - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5...