217 matches found
CVE-2026-55748
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
CVE-2026-55748
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
MAL-2026-5792 Malicious code in nativescript-swisspost-imagepicker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2271ce1525f722f302ee59b9de3270020e6d1aa84d74cc2972cb6ffa34d9a62 package.json declares preinstall: node index.js. On npm install, index.js reads process.env.INITCWD the installing project's working directory, takes...
Malicious code in nativescript-swisspost-pcc-creative-editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9c9ef8861d14485e696e98c66d95ee5c2a5a608b213841c9c18b254003ae049 Package masquerades as an internal Swiss Post NativeScript package name nativescript-swisspost-pcc-creative-editor, description literally Security Po...
MAL-2026-5793 Malicious code in nativescript-swisspost-pcc-creative-editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9c9ef8861d14485e696e98c66d95ee5c2a5a608b213841c9c18b254003ae049 Package masquerades as an internal Swiss Post NativeScript package name nativescript-swisspost-pcc-creative-editor, description literally Security Po...
CVE-2026-34463
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...
CVE-2026-44655
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
CVE-2026-9811
A stored Cross-Site Scripting XSS vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields...
CVE-2026-44655
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
EUVD-2026-33025
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
CVE-2026-44655
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
CVE-2026-34463 MantisBT has Stored HTML Injection/XSS via Clone Issue Form
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...
EUVD-2026-30998
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...
CVE-2026-34463 MantisBT has Stored HTML Injection/XSS via Clone Issue Form
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...
CVE-2026-34463
CVE-2026-34463 affects MantisBT prior to 2.28.2. When cloning an issue from a different project, the clone form (bug_report_page.php) prepends the source project name before the category selector without proper escaping, allowing stored HTML injection (XSS) if an attacker can set the project name...
Mantis Bug Tracker 跨站脚本漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier had a cross-site scripting vulnerability. This vulnerability occurred when cloning issues from other projects, where the clone form added the source project...
GHSA-7MQJ-8GJ2-CG59 MantisBT has Stored XSS on Move Attachments Admin Page
Unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. Impact Cross-site scripting XSS. This is mitigated by Content Security Policy which restricts scripts execution. Patches -...
MantisBT has Stored XSS on Move Attachments Admin Page
Unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. Impact Cross-site scripting XSS. This is mitigated by Content Security Policy which restricts scripts execution. Patches -...