25 matches found
EUVD-2021-13504
Malware in sbrugna...
Dmacroweb DM Corporative CMS Security Vulnerability
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/selectionnode/selection.asp that fails to...
CVE-2021-26716
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter...
i-doit Cross-Site Scripting Vulnerability
i-doit is a configuration management database software from i-doit Inc. A cross-site scripting vulnerability exists in i-doit pro that stems from a lack of proper sanitization of the id, lang, mNavID, name, pID, treeNode, type, and view parameters...
CVE-2024-34832
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the g and node parameters...
PT-2024-26229 · Cubecart · Cubecart
Name of the Vulnerable Software and Affected Versions: CubeCart versions 6.5.5 and earlier
Description: The issue allows an attacker to execute arbitrary code via a crafted file uploaded to the g and node parameters. This enables the attacker to potentially access and manipulate sensitive data or...
WPvivid Backup & Migration Plugin < 0.9.100 - Admin+ PHAR Deserialization
Description: The plugin is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstggetcustomexcludepathfree action. This is due to the plugin not providing sufficient path validation on the treenodenodeid parameter. Th...
Jenkins vboxwrapper Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins vboxwrapper Plugin 1.3 and earlier versions are vulnerable to a...
CVE-2022-29044
Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Jenkins Cross-Site Scripting Vulnerability
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in the Jenkins Node and Label parameter Plugin, which stems from the applicatio...
Abstrium Pydio Cells Path Traversal Vulnerability
Abstrium Pydio Cells is a next-generation file sharing platform developed using the Go language by Abstrium France. A path traversal vulnerability exists in Abstrium Pydio Cells 2.2.9, which allows a remote authenticated user to pass the node parameter for copy and move or pass the path parameter...
Emoncms Cross-Site Scripting Vulnerability (CNVD-2021-13224)
Emoncms is an open source web application for processing, recording and visualizing energy, temperature and other environmental data. A cross-site scripting vulnerability exists in Modules/input/Views/schedule.php in Emoncms 10.2.7 and earlier versions. An attacker can exploit this vulnerability...
CVE-2021-26716
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter...
Emoncms Cross-Site Scripting Vulnerability
Emoncms is an open source web application for processing, recording and visualizing energy, temperature and other environmental data. A cross-site scripting vulnerability exists in Modules/input/Views/schedule.php in Emoncms 10.2.7 and earlier versions. An attacker can exploit this vulnerability...
CVE-2013-1859
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...
Design/Logic Flaw
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...