20 matches found
CVE-2024-54960
A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI specific to version 2024R1.2.2. The vulnerability is in the way Nagios XI handles user information, allowing unauthenticated users to access usernames and e-mail addresses of all current users. This can lead to unauthorized access and exploitation of...
CVE-2024-54960
A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component...
CVE-2024-54960
A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component...
CVE-2024-54960
A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component...
PT-2025-7441 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI version 2024R1.2.2 Description: A SQL Injection issue allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component. Recommendations: For Nagios XI version 2024R1.2.2, consider disabling access...
CVE-2024-54960
CVE-2024-54960 corresponds to a SQL Injection vulnerability in Nagios XI 2024R1.2.2, exploitable by a remote attacker via a crafted payload in the History Tab component. The initial records indicate that this vulnerability can lead to unauthorized access to the underlying database, with impacts d...
PT-2024-40127 · Packagist · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A cross-site scripting issue has been found in the CMS page history tab. This can be exploited if a user with CMS access posts malicious or unescaped HTML into any text fields on a...
Mozilla Firefox SQL injection vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation. A SQL injection vulnerability exists in the history tab of Mozilla Firefox for iOS, which originates from the ability to externally specify a search term to trigger an SQL injection...
Input validation
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...
UBUNTU-CVE-2022-21688
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing...
PYSEC-2022-39
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing...
CVE-2022-21688 Out-of-bounds Read in Onionshare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing...
Liferay Portal 6.2.0 CE GA1 Multiple XSS
According to its self-reported version number, the version of Liferay Portal running on the remote host is 6.2.0. It is, therefore, potentially affected by the following cross-site scripting vulnerabilities : - Input passed from page titles is not sanitized before it is displayed in the Recycle...
deletion of a comment with a security setting sends a notification to all watchers and the history tab
As a non-atlassian developer, I saw a deletion notification for a comment that I was restricted from viewing. That seems like a security leak. It would be annoying if we're trying to hide discussion from certain users for them to see that the discussion is happening at all, it would raise questio...
FreeBSD : flyspray -- multiple vulnerabilities (9d3020e4-a2c4-11dd-a9f9-0030843d3802)
The Flyspray Project reports : Flyspray is affected by a Cross Site scripting Vulnerability due to an error escaping PHP's $_SERVER['QUERY_STRING'] superglobal, that can be maliciously used to inject arbitrary code into the savesearch JavaScript function. There is an XSS problem in the history tab, t...
CVE-2007-6461
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action,...
CVE-2007-6461
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action,...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action,...
CVE-2007-6461
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action,...