Lucene search
K

29 matches found

CNNVD
CNNVD
added 2024/06/18 12:0 a.m.4 views

JetBrains Hub Cross-Site Scripting Vulnerability

JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A cross-site scripting vulnerability exists in versions prior to JetBrains Hub 2024.2.34646, which stems from a cross-site scripting vulnerabili...

5.4CVSS6.1AI score0.00238EPSS
Exploits0References2
NVD
NVD
added 2024/04/04 7:15 a.m.17 views

CVE-2024-29375

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles and Yield Curve Name parameters...

9.8CVSS7.7AI score0.01463EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/04 12:0 a.m.17 views

CVE-2024-29375

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles and Yield Curve Name parameters...

8AI score0.01463EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/04 12:0 a.m.5 views

Addactis IBNRS 安全漏洞

Addactis IBNRS is a non-life insurance solution from Addactis. A security vulnerability exists in Addactis IBNRS version v.3.10.3.107, which stems from a vulnerability that allows remote attackers to execute, via a crafted .ibnrs file, the Project Description, Identifiers, Custom Triangle Name, a...

9.8CVSS6.6AI score0.01463EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.7 views

PT-2024-22870 · Addactis · Addactis Ibnrs

Name of the Vulnerable Software and Affected Versions: Addactis IBNRS version 3.10.3.107 Description: The issue allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles, and Yield Curve Name...

9.8CVSS7.9AI score0.01463EPSS
Exploits0References3
CVE
CVE
added 2024/04/04 12:0 a.m.53 views

CVE-2024-29375

Addactis IBNRS v3.10.3.107 is affected by a CSV Injection vulnerability that lets an attacker craft a .ibnrs file to inject content into Project Description, Identifiers, Custom Triangle Name, and Yield Curve Name, enabling remote arbitrary code execution. The CVSS 3.1 base score is 9.8 (CRITICAL...

9.8CVSS8AI score0.01463EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/11/28 12:15 a.m.3 views

CVE-2023-47437

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting XSS attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script...

5.4CVSS6AI score0.00475EPSS
Exploits0References3
Veracode
Veracode
added 2023/08/06 2:36 p.m.19 views

HTML Injection

gitlab is vulnerable to HTML injection. This vulnerability occurs due to a flaw in the way that GitLab handles the full name field. An attacker can exploit this vulnerability to inject malicious code into a project's description...

5.4CVSS6.9AI score0.00747EPSS
Exploits0References4Affected Software1
Atlassian
Atlassian
added 2014/10/27 10:1 p.m.19 views

HTML does not render in Project Description

If you enter HTML into the project description it does not get rendered. Reproduced this on a clean 6.3.8 instance. Looks like this has happened in the past: https://jira.atlassian.com/browse/JRA-20032 https://jira.atlassian.com/browse/JRA-15906 Regression? Or possibly a different root cause?...

0.4AI score
Exploits0
Rows per page
Query Builder