Lucene search
K

29 matches found

OSV
OSV
added 2022/03/22 10:15 p.m.4 views

CVE-2022-25518

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...

6.5CVSS5.8AI score0.00741EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/22 12:0 a.m.3 views

CMDBuild 日志信息泄露漏洞

CMDBuild is an open source web enterprise environment for configuring custom applications for asset management. A security vulnerability exists in CMDBuild versions 3.0 through 3.3.2, which stems from the fact that payload requests for CMDBuild versions 3.0 through 3.3.2 are stored in a temporary...

6.5CVSS6.5AI score0.00741EPSS
Exploits0References2
OSV
OSV
added 2021/08/09 1:15 p.m.4 views

CVE-2021-34660

The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the /includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18...

6.1CVSS5.8AI score0.00819EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2020/12/17 9:0 p.m.48 views

Apache Airflow logs passwords in plaintext

In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. The same happenes when creating a Connection with a password field...

6.5CVSS6.3AI score0.02537EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/12/17 9:0 p.m.40 views

GHSA-CVCQ-GMC3-Q6M8 Apache Airflow logs passwords in plaintext

In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. The same happenes when creating a Connection with a password field...

2.8CVSS6.6AI score0.02537EPSS
Exploits0References6
OSV
OSV
added 2020/12/14 10:15 a.m.17 views

PYSEC-2020-262

In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field...

6.5CVSS5.9AI score0.02537EPSS
Exploits0References2
PyPA
PyPA
added 2020/12/14 10:15 a.m.6 views

PYSEC-2020-262

In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field...

6.5CVSS6.9AI score0.02537EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2009/02/10 2:0 a.m.77 views

CVE-2009-0500

CVE-2009-0500 is a Moodle XSS vulnerability in course/lib.php where crafted log table data displayed in a log report could inject script/HTML. Affected Moodle versions: 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4. Root cause is improper handling/escaping of log info...

4.3CVSS6.5AI score0.0125EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2009/02/09 12:0 a.m.26 views

CVE-2009-0500

Cross-site scripting XSS vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log...

4.3CVSS6AI score0.0125EPSS
Exploits0References2
Rows per page
Query Builder