Server-side Request Forgery (SSRF)
Overview: @aborruso/ckan-mcp-server is an MCP server for interacting with CKAN open data portals. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the base_url parameter in the ckanpackagesearch, sparqlquery, and ckandatastoresearchsql tools. An attacker can...
SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks
The @aborruso/ckan-mcp-server MCP server provides tools, including ckanpackagesearch and sparqlquery, that accept a base_url parameter and make HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network service...
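The fix the advisory implies is to treat base_url as untrusted input and only contact portals the operator has approved. The following is an added example, not code from @aborruso/ckan-mcp-server (which is an npm package); the check is shown in Python to illustrate the validation logic. The function name validate_base_url, the ALLOWED_PORTALS list and the METADATA_HOSTS set are assumptions, as is the rule of rejecting every IP literal rather than only internal ones.

```python
"""Allowlist validation of a caller-supplied CKAN base_url (added example).

Assumptions: the operator configures ALLOWED_PORTALS; every IP literal is
rejected so that link-local/metadata addresses can never be reached by
an IP that a hostname check would miss.
"""
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist of CKAN portals this server may talk to.
ALLOWED_PORTALS = frozenset({"demo.ckan.org"})

# Well-known metadata/loopback names. 169.254.169.254 and friends are
# caught by the address-range checks in _is_internal_ip instead.
METADATA_HOSTS = frozenset({"metadata.google.internal", "metadata", "localhost"})


def _is_internal_ip(ip) -> bool:
    """True for loopback, private, link-local, multicast, reserved or
    otherwise non-global addresses; unwraps IPv4-mapped IPv6 first."""
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
        or not ip.is_global
    )


def validate_base_url(url: str, allowed_hosts=ALLOWED_PORTALS) -> tuple:
    """Return (True, "") if url may be contacted, else (False, reason)."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"malformed URL: {exc}"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host in METADATA_HOSTS:
        return False, f"host {host!r} is a metadata/loopback name"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal; treat as a hostname
    if ip is not None:
        if _is_internal_ip(ip):
            return False, f"address {host} is not globally routable"
        return False, "IP literals are not allowed; use a listed portal hostname"
    if port not in (None, 80, 443):
        return False, f"port {port} not allowed"
    # Exact match or subdomain of an allowed portal; "demo.ckan.org.evil.example"
    # does not end with ".demo.ckan.org" and is rejected.
    if not any(host == h or host.endswith("." + h) for h in allowed_hosts):
        return False, f"host {host!r} is not an allowed CKAN portal"
    return True, ""


if __name__ == "__main__":
    for candidate in (
        "https://demo.ckan.org/api/3",
        "http://169.254.169.254/latest/meta-data/",
        "http://metadata.google.internal/computeMetadata/v1/",
        "http://[::ffff:127.0.0.1]/",
        "https://demo.ckan.org.evil.example/",
    ):
        print(candidate, validate_base_url(candidate))
```

The allowlist is the backstop for anything the syntactic checks miss (decimal or octal IP encodings parse as hostnames and are simply not on the list). A listed hostname can still resolve to an internal address at connect time (DNS rebinding), so the HTTP client should re-check the resolved address and refuse redirects to hosts that fail the same test.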
GHSA-W7RQ-FGX4-4XCM LavaLite CMS affected by a stored cross-site scripting vulnerability
LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...
CVE-2025-71177 LavaLite CMS <= 10.1.0 Stored XSS via Package Creation and Search
LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that is stored and later rendered without prop...
CVE-2025-71177
LavaLite CMS ≤ 10.1.0 is reported to have a stored XSS vulnerability in package creation and package search. Authenticated users can inject HTML/JavaScript into the Package Name or Description fields, which is stored and later rendered without proper output encoding in search results, enabling po...
EUVD-2023-42128
Malicious code in bioql PyPI...
Webmin < 2.100 Multiple Vulnerabilities
According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.100. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability exists in the Users' Real name parameter. - A Cross-Site Scripting (XSS) vulnerability exists in...
Sensitive Information Disclosure
CKAN is vulnerable to Sensitive Information Disclosure. When there are connection issues with the Solr server, the internal Solr URL, potentially including credentials, is leaked in the error message returned by package_search calls. This leads to compromising Confidentiali...
PT-2024-29499 · Ckan · Ckan
Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.5; CKAN versions prior to 2.11.0. Description: CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL...
CKAN Security Vulnerability
CKAN is an open source DMS (Data Management System) from CKAN Open Source. It is used to power data hubs and data portals. CKAN suffers from a security vulnerability that stems from the fact that, if there is a connectivity problem with the Solr server, the internal Solr URL is leaked to the...
CVE-2023-38309
An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's...
Webmin Cross-Site Scripting Vulnerability
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.021, which stems from a Reflected Cross-Site Scripting (XSS) vulnerability discovered in the Package Search feature. The...
PT-2023-4158 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021. Description: A Reflected Cross-Site Scripting (XSS) issue was discovered in the package search functionality, allowing an attacker to inject a malicious payload in the "Search for Package" field. This payload gets reflected...
CVE-2023-38309
CVE-2023-38309 affects Webmin 2.021 and describes a Reflected Cross-Site Scripting (XSS) vulnerability in the package search feature. An attacker can inject a payload in the "Search for Package" field, which is reflected in the response and can execute arbitrary JavaScript in the victim’s browser...