Lucene search
K

172 matches found

Huntr
Huntr
added 2022/04/10 10:27 a.m.25 views

Leaking password protected articles content due to improper access control

Description Any user who can publish their article can protect it using a password before publishing. So, a valid password to the article is required to view the contents of the article. But when a request is made to article /2022/04/10/ the UI show it requires a password to view content. But the...

4CVSS1.5AI score0.01192EPSS
Exploits1
Cvelist
Cvelist
added 2022/01/13 5:30 p.m.32 views

CVE-2022-21678 User's bio visible even if profile is restricted in Discourse

Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the tests-passed branch, version 2.8.0.beta11 in the beta branch, and version 2.7.13 in the stable branch, the bios of users who made their profiles private were still visible in the tags on their users' pages. The...

4.3CVSS6AI score0.00908EPSS
Exploits0References3
CVE
CVE
added 2022/01/13 5:30 p.m.96 views

CVE-2022-21678

Discourse suffers an information disclosure vulnerability: before specific patch levels, bios (or profile bios) of users with private profiles were exposed in the page meta data, exposing private user information. Affected software: Discourse. Affected versions include prior to 2.8.0.beta11 in th...

4.3CVSS4.5AI score0.00908EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/01/13 12:0 a.m.5 views

PT-2022-15030 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.0.beta11 in the tests-passed branch Discourse versions prior to 2.8.0.beta11 in the beta branch Discourse versions prior to 2.7.13 in the stable branch Description: The bios of users who made their profiles...

4.3CVSS4.4AI score0.00908EPSS
Exploits0References8
Friends Of PHP
Friends Of PHP
added 2021/11/21 12:0 a.m.16 views

CVE-2022-37421 - Stored XSS in custom meta tags

More info at https://www.silverstripe.org/download/security-releases/cve-2022-37421...

5.4CVSS7.2AI score0.00529EPSS
Exploits0Affected Software1
Huntr
Huntr
added 2021/10/19 3:26 p.m.10 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description Hello. ForkCMS does not properly sanitize the website's TITLE when it is imported into the meta tags. Proof of Concept If we set the page title to something like this: Home - Hi'"script src=//xss/scriptx="99\r\n%0A%09%0Dsvg\onload=confirm1 It gets reflected back here: "" Impact This...

1.4AI score
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2021/04/08 5:36 a.m.63 views

Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags

More info at https://phabricator.wikimedia.org/T279451...

4.3CVSS6.4AI score0.00981EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/04/08 5:36 a.m.34 views

Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags

More info at https://phabricator.wikimedia.org/T279451...

6.1CVSS7.2AI score0.00981EPSS
Exploits0Affected Software1
Kitploit
Kitploit
added 2020/12/02 8:30 p.m.51 views

Fast-Security-Scanners - Security Checks For Your Researches

A small contribution to community : We use all these tools in security assessments and in our vulnerability monitoring service Check your domain for DNS NStakeover Repo docker run --dns=8.8.8.8 -e VULNID=dnsnstakeover -e DOMAIN=site.com whitespots/dnsnstakeover CachePoisoning Repo docker run --rm...

7.2AI score
Exploits0References9
NVD
NVD
added 2020/11/03 9:15 p.m.25 views

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

8.7CVSS7.8AI score0.01083EPSS
Exploits0References4
OSV
OSV
added 2019/07/24 4:31 p.m.4 views

DRUPAL-CONTRIB-2019-058

This module enables you to customize meta tags to help with a site's search engine ranking and improve the display of page summaries when shared on social networks. The module doesn't sufficiently check for a site being in maintenance mode. This vulnerability is mitigated by the fact that the sit...

6.6AI score
Exploits0References1
Drupal
Drupal
added 2019/07/17 12:0 a.m.15 views

Meta tags quick - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-057

Metatags quick is a module that manages meta tags tags that appear in HTML's head section as Drupal 7 fields. Administration page of metatags quick does not sanitize the output of blocks that appear on the same page. This allows an attacker to inject malicious JavaScript in block markup. This...

6.3AI score
Exploits0References5
Prion
Prion
added 2018/06/26 4:29 p.m.21 views

Session fixation

aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...

4.3CVSS6.4AI score0.01181EPSS
Exploits1References2
OSV
OSV
added 2018/06/11 9:29 p.m.3 views

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

5.3CVSS7.3AI score0.01578EPSS
Exploits0References5
OSV
OSV
added 2018/06/11 9:29 p.m.6 views

CVE-2017-7837

SVG loaded through "" tags can use "" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox 57...

5.3CVSS7.3AI score0.01471EPSS
Exploits0References4
Prion
Prion
added 2018/06/11 9:29 p.m.14 views

Code injection

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

5CVSS6.2AI score0.01578EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2018/05/31 8:29 p.m.23 views

CVE-2016-10569

embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...

8.1CVSS8.5AI score
Exploits0References1
Cvelist
Cvelist
added 2018/05/31 8:0 p.m.28 views

CVE-2016-10569

embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...

8.3AI score0.01752EPSS
Exploits0References1
CVE
CVE
added 2018/05/31 8:0 p.m.54 views

CVE-2016-10569

The CVE-2016-10569 issue affects the embedza module prior to version 1.2.4, where JavaScript resources are downloaded over HTTP. This enables a man-in-the-middle scenario where an attacker on the network could swap the requested JavaScript with a malicious file, potentially leading to remote code...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2018/01/05 8:29 a.m.19 views

HackerOne: Partial disclosure of undisclosed programs through <meta> tags

Summary Report pages contain tags that contains the description of the report. New browsers create thumbnails of recently visited pages that that display the content of the tags. Since the meta tags contain the contents of report, private report contents are partially disclosed. Description Moder...

6.7AI score
Exploits0
Rows per page
Query Builder