29 matches found
CVE-2022-25518
In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...
CMDBuild 日志信息泄露漏洞
CMDBuild is an open source web enterprise environment for configuring custom applications for asset management. A security vulnerability exists in CMDBuild versions 3.0 through 3.3.2, which stems from the fact that payload requests for CMDBuild versions 3.0 through 3.3.2 are stored in a temporary...
CVE-2021-34660
The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the /includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18...
Apache Airflow logs passwords in plaintext
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. The same happenes when creating a Connection with a password field...
GHSA-CVCQ-GMC3-Q6M8 Apache Airflow logs passwords in plaintext
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. The same happenes when creating a Connection with a password field...
PYSEC-2020-262
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field...
PYSEC-2020-262
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field...
CVE-2009-0500
CVE-2009-0500 is a Moodle XSS vulnerability in course/lib.php where crafted log table data displayed in a log report could inject script/HTML. Affected Moodle versions: 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4. Root cause is improper handling/escaping of log info...
CVE-2009-0500
Cross-site scripting XSS vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log...