178 matches found
Design/Logic Flaw
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...
MeterSphere code issue vulnerability
MeterSphere is an open source one-stop continuous testing platform. Versions of MeterSphere before 2.5.0 have a code issue vulnerability that stems from a server-side request forgery, resulting in reflected cross-site scripting...
CVE-2022-23544 Server-Side Request Forgery in Metersphere leads to Cross-Site Scripting
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...
CVE-2022-23544 Server-Side Request Forgery in Metersphere leads to Cross-Site Scripting
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...
CVE-2022-23544
MeterSphere
CVE-2022-23544 Server-Side Request Forgery in Metersphere leads to Cross-Site Scripting
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...
CVE-2022-23512
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value testId in new...
Path traversal
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value testId in new...
CVE-2022-23512
MeterSphere (open source continuous testing platform) has a path injection vulnerability in ApiTestCaseService::deleteBodyFiles. The issue arises when a user-supplied string id is concatenated into the file path (BODY_FILE_DIR + "/" + testId) and later deleted via file.delete(), enabling manipula...
CVE-2022-23512 Metersphere is vulnerable to Path Injection.
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value testId in new...
CVE-2022-23512 Metersphere is vulnerable to Path Injection.
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value testId in new...
CVE-2022-23512 Metersphere is vulnerable to Path Injection.
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value testId in new...
MeterSphere path traversal vulnerability
MeterSphere is an open source one-stop continuous testing platform. Versions of MeterSphere before 2.4.1 have a path traversal vulnerability that stems from ApiTestCaseService::deleteBodyFiles being susceptible to a path injection attack; the attacker can use t...
MeterSphere arbitrary file upload vulnerability
MeterSphere is an open source one-stop continuous testing platform. MeterSphere has an arbitrary file upload vulnerability, which can be exploited by remote attackers to submit special requests that can upload malicious files and write cron jobs to execute commands...
CVE-2021-45789
An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function...
CVE-2021-45790
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to an arbitrary directory, where attackers can write a cron job to execute commands...
CVE-2021-45788
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...
CVE-2021-45788
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...
CVE-2021-45790
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to an arbitrary directory, where attackers can write a cron job to execute commands...
CVE-2021-45789
An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function...