5 matches found
PT-2024-32872 · Unknown +3 · Openrefine +3
Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3
Description: The built-in error page in OpenRefine includes the exception message and exception traceback without escaping HTML tags, allowing injection into the page if an attacker can produce an error with...
PT-2024-6674 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 through 16.11.5; GitLab CE/EE versions 17.0 through 17.0.3; GitLab CE/EE versions 17.1 through 17.1.1
Description: The issue is related to a stored XSS vulnerability that can be imported from a project with malicious...
PT-2022-13665 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.9 prior to 14.9.2; GitLab CE/EE versions 14.8 prior to 14.8.5; GitLab CE/EE versions 14.0 prior to 14.7.7
Description: A business logic error in Project Import under certain conditions caused imported projects to show a...
CVE-2021-43555 mySCADA myDESIGNER
mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing...
FreeBSD : Gitlab -- Multiple vulnerabilities (467b7cbe-257d-11e9-8573-001b217b3468)
Gitlab reports: Remote Command Execution via GitLab Pages; Covert Redirect to Steal GitHub/Bitbucket Tokens; Remote Mirror Branches Leaked by Git Transfer Refs; Denial of Service with Markdown; Guests Can View List of Group Merge Requests; Guest Can View Merge Request Titles via System Notes; Persiste...