21 matches found

Veracode
added 2025/11/28 5:24 a.m. · 3 views

Cross-site Scripting (XSS)

librenms/librenms is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper filtering in the report_this function in librenms/includes/functions.php, specifically incorrect use of htmlentities in an href context, which allows an attacker to inject malicious script v...

CVSS 6.9 · AI score 6.4 · EPSS 0.00002
Exploits 1 · References 4 · Affected Software 1

OSV
added 2025/11/15 8:15 a.m. · 0 views

UBUNTU-CVE-2025-7000

An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch names by accessing project issues with related merge requests...

CVSS 4.3 · AI score 5.8 · EPSS 0.00008
Exploits 0 · References 5

RedhatCVE
added 2025/10/14 9:49 p.m. · 5 views

CVE-2025-62365

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in report_this function in librenms/includes/functions.php. The report_this function had improper filtering (htmlentities function was incorrectly used in a href environment), which...

CVSS 6.9 · AI score 6.2 · EPSS 0.00002
Exploits 1 · References 1

Github Security Blog
added 2025/10/13 10:11 p.m. · 7 views

LibreNMS is vulnerable to Reflected-XSS in `report_this` function

Summary: Reflected-XSS in report_this function in librenms/includes/functions.php. Details: Recently, it was discovered that the report_this function had improper filtering (htmlentities function was incorrectly used in a href environment), which caused the projectissues parameter to trigger an XSS...

CVSS 6.9 · AI score 6.6 · EPSS 0.00002
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2025/10/13 9:43 p.m. · 5 views

CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in report_this function in librenms/includes/functions.php. The report_this function had improper filtering (htmlentities function was incorrectly used in a href environment), which...

CVSS 6.9 · EPSS 0.00002
Exploits 1 · References 2

OSV
added 2025/10/13 9:43 p.m. · 2 views

CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in report_this function in librenms/includes/functions.php. The report_this function had improper filtering (htmlentities function was incorrectly used in a href environment), which...

CVSS 6.9 · AI score 6.3 · EPSS 0.00002
Exploits 1 · References 4

CVE
added 2025/10/13 9:43 p.m. · 8 views

CVE-2025-62365

CVE-2025-62365 affects LibreNMS (LibreNMS/librenms) prior to version 25.7.0. The vulnerability is a reflected XSS in the function report_this (librenms/includes/functions.php) caused by improper filtering of user input, specifically the incorrect use of htmlentities in a href context, which allow...

CVSS 6.9 · AI score 5.8 · EPSS 0.00002
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2025/10/13 9:43 p.m. · 1 views

CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in report_this function in librenms/includes/functions.php. The report_this function had improper filtering (htmlentities function was incorrectly used in a href environment), which...

CVSS 6.9 · AI score 5.8 · EPSS 0.00002
Exploits 1 · References 2

EUVD
added 2025/10/13 9:43 p.m. · 1 views

EUVD-2025-34114

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in report_this function in librenms/includes/functions.php. The report_this function had improper filtering (htmlentities function was incorrectly used in a href environment), which...

CVSS 6.9 · AI score 5.7 · EPSS 0.00002
Exploits 1 · References 3

CNNVD
added 2025/10/13 12:0 a.m. · 2 views

LibreNMS Cross-Site Scripting Vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS versions prior to 25.7.0, which...

CVSS 6.9 · AI score 5.8 · EPSS 0.00002
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-16546

Malware in sbrugna...

CVSS 6.5 · AI score 6.7 · EPSS 0.00098
Exploits 1 · References 3

FreeBSD
added 2025/05/07 12:0 a.m. · 24 views

Gitlab -- vulnerabilities

Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery; Denial of service by abusing Github import API; Group IP restriction bypass allows disclosing issue title of restricted project...

CVSS 6.8 · AI score 7 · EPSS 0.00058
Exploits 1 · References 1

OSV
added 2024/03/06 11:16 a.m. · 16 views

BIT-GITLAB-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

CVSS 5.3 · AI score 5.4 · EPSS 0.00209
Exploits 0 · References 4

OSV
added 2022/10/17 4:15 p.m. · 0 views

UBUNTU-CVE-2022-3066

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project...

CVSS 5.4 · AI score 6 · EPSS 0.00175
Exploits 0 · References 2

Cvelist
added 2022/10/17 12:0 a.m. · 14 views

CVE-2022-3331

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

CVSS 3.5 · AI score 4.5 · EPSS 0.00174
Exploits 1 · References 3

CNNVD
added 2022/10/17 12:0 a.m. · 1 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE versions 14.5 through 15.1.6,...

CVSS 4.3 · AI score 5.2 · EPSS 0.00174
Exploits 1 · References 4

OSV
added 2022/10/17 12:0 a.m. · 10 views

CVE-2022-3331

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

CVSS 3.5 · AI score 4.2 · EPSS 0.00174
Exploits 1 · References 5

Vulnrichment
added 2022/10/17 12:0 a.m. · 8 views

CVE-2022-3331

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...

CVSS 3.5 · AI score 6.3 · EPSS 0.00174
Exploits 1 · References 3

OpenVAS
added 2022/07/08 12:0 a.m. · 12 views

GitLab 14.8.x < 14.10.5, 15.0.x < 15.0.4, 15.1.x < 15.1.1 Improper Authorization Vulnerability

GitLab is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 4.3 · AI score 4.9 · EPSS 0.00174
Exploits 0 · References 1

Positive Technologies
added 2020/01/13 12:0 a.m. · 1 views

PT-2020-19251 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 8.9.0 through 12.6.1. Description: An issue was discovered that allows someone to obtain issues from private projects using the project import feature. Recommendations: For GitLab Enterprise Edition versions...

CVSS 5.3 · AI score 4.9 · EPSS 0.00075
Exploits 0 · References 6