42 matches found
CVE-2023-47438
SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter...
PT-2024-13452 · Reportico · Reportico
Name of the Vulnerable Software and Affected Versions: Reportico versions prior to 8.1.0 Description: The issue allows attackers to obtain sensitive information or other system information via the project parameter. This is a SQL Injection vulnerability, which means attackers can inject malicious...
CVE-2023-47438
SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter...
Taskhub 2.8.8 Cross Site Scripting
Title: TASKHUB-2.8.8-XSS-Reflected Author: nu11secur1ty Date: 09/22/2023 Vendor: https://codecanyon.net/user/infinitietech Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Reference: https://portswigger.net/web-security/cross-site-scripting Description: T...
CVE-2022-1822
The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
PT-2022-14141
Name of the Vulnerable Software and Affected Versions Zephyr Project Manager plugin for WordPress versions up to, and including, 3.2.40 Description The issue arises from insufficient input sanitization and output escaping, making it possible for unauthenticated attackers to inject arbitrary web...
CVE-2020-15828
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions...
Code injection
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions...
CVE-2020-15828
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions...
Cross site scripting
Cross-site scripting XSS vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter...
CVE-2019-11359
Cross-site scripting XSS vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter...
CVE-2019-11359
Cross-site scripting XSS vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter...
CVE-2019-11359
Cross-site scripting XSS vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter...
PT-2019-12255
Name of the Vulnerable Software and Affected Versions I, Librarian version 4.10 Description A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the project parameter in the display.php file. Recommendations For I, Librari...
Weblate: Missing Restriction On String Size
Similar to 223454, there is no string size restriction on project parameter which is sent directly to the server. URL: https://hosted.weblate.org/hosting/ PoC: poc1.png and poc2.png Shall you need any more info notify me,...
Reflected xss in the jira-gadgets-plugin getLabelGroups rest resource
The jira-gadgets-plugin LabelsResource class exposes a getLabelGroups rest resource that is vulnerable to reflected xss through the user supplied 'project' path parameter. The vulnerability is caused by building an error response message with a content type of text/html and not html encoding the...
CVE-2011-4171
Cross-site scripting XSS vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp...
Sql injection
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter...
CVE-2008-1864
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter...
Sql injection
SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter...