29 matches found
JetBrains Hub Cross-Site Scripting Vulnerability
JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A cross-site scripting vulnerability exists in versions prior to JetBrains Hub 2024.2.34646, which stems from a cross-site scripting vulnerabili...
CVE-2024-29375
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles and Yield Curve Name parameters...
CVE-2024-29375
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles and Yield Curve Name parameters...
Addactis IBNRS 安全漏洞
Addactis IBNRS is a non-life insurance solution from Addactis. A security vulnerability exists in Addactis IBNRS version v.3.10.3.107, which stems from a vulnerability that allows remote attackers to execute, via a crafted .ibnrs file, the Project Description, Identifiers, Custom Triangle Name, a...
PT-2024-22870 · Addactis · Addactis Ibnrs
Name of the Vulnerable Software and Affected Versions: Addactis IBNRS version 3.10.3.107 Description: The issue allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles, and Yield Curve Name...
CVE-2024-29375
Addactis IBNRS v3.10.3.107 is affected by a CSV Injection vulnerability that lets an attacker craft a .ibnrs file to inject content into Project Description, Identifiers, Custom Triangle Name, and Yield Curve Name, enabling remote arbitrary code execution. The CVSS 3.1 base score is 9.8 (CRITICAL...
CVE-2023-47437
A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting XSS attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script...
HTML Injection
gitlab is vulnerable to HTML injection. This vulnerability occurs due to a flaw in the way that GitLab handles the full name field. An attacker can exploit this vulnerability to inject malicious code into a project's description...
HTML does not render in Project Description
If you enter HTML into the project description it does not get rendered. Reproduced this on a clean 6.3.8 instance. Looks like this has happened in the past: https://jira.atlassian.com/browse/JRA-20032 https://jira.atlassian.com/browse/JRA-15906 Regression? Or possibly a different root cause?...