
55 matches found

OSV
added 2023/12/13 10:15 a.m. | 2 views

PYSEC-2023-296

An XXE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 1
OSV
added 2023/12/13 10:15 a.m. | 2 views

PYSEC-2023-295

An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads...

5.4 CVSS | 5.8 AI score
Exploits 0 | References 1
PyPA
added 2023/12/13 10:15 a.m. | 7 views

PYSEC-2023-296

An XXE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...

8.3 CVSS | 7 AI score | 0.00603 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2023/12/13 10:15 a.m. | 3 views

PYSEC-2023-297

A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...

7.5 CVSS | 5.9 AI score
Exploits 0 | References 1
OSV
added 2023/12/13 10:15 a.m. | 4 views

PYSEC-2023-294

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 1
Vulnrichment
added 2023/12/13 10:10 a.m. | 6 views

CVE-2023-6723 Unrestricted Upload of File with Dangerous Type in Repox

An unrestricted file upload vulnerability has been identified in Repox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise...

10 CVSS | 9.4 AI score | 0.0078 EPSS
Exploits 0 | References 1
Cvelist
added 2023/12/13 10:9 a.m. | 24 views

CVE-2023-6722 Relative Path Traversal in Repox

A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...

7.5 CVSS | 7.6 AI score | 0.00829 EPSS
Exploits 0 | References 1
CVE
added 2023/12/13 10:9 a.m. | 29 views

CVE-2023-6722

CVE-2023-6722 describes a path traversal in Repox that allows reading arbitrary files on the server, leading to sensitive data disclosure. Public details in the provided documents indicate this affects Repox, with CNNVD noting existence in Repox 2.3.7 and earlier; PT Security lists the vulnerabil...

7.5 CVSS | 7.4 AI score | 0.00829 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/12/13 10:6 a.m. | 30 views

CVE-2023-6721 Improper Restriction of XML External Entity Reference in Repox

An XXE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...

8.3 CVSS | 8.3 AI score | 0.00603 EPSS
Exploits 0 | References 1
CVE
added 2023/12/13 10:6 a.m. | 39 views

CVE-2023-6721

CVE-2023-6721 is an XML External Entity (XXE) vulnerability in Repox that affects the XML data processing in the fileupload function, enabling a remote attacker to cause interaction with the server’s filesystem. Public sources consistently describe this as an XXE issue with high impact. CNNVD not...

8.3 CVSS | 7.6 AI score | 0.00603 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/12/13 10:4 a.m. | 20 views

CVE-2023-6720 Cross-site Scripting in Repox

An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads...

5.5 CVSS | 5.4 AI score | 0.00373 EPSS
Exploits 0 | References 1
CVE
added 2023/12/13 10:4 a.m. | 37 views

CVE-2023-6720

CVE-2023-6720 describes a stored XSS in Repox due to insufficient sanitisation of field elements, allowing an attacker to store a JavaScript payload on the server and trigger it when the application loads. The vulnerability affects Repox (version details not specified in the provided documents). ...

5.5 CVSS | 5.2 AI score | 0.00373 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/12/13 9:16 a.m. | 27 views

CVE-2023-6719 Cross-site Scripting in Repox

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...

6.3 CVSS | 6.3 AI score | 0.0041 EPSS
Exploits 0 | References 1
CVE
added 2023/12/13 9:16 a.m. | 33 views

CVE-2023-6719

Repox has an XSS vulnerability tracked as CVE-2023-6719. Multiple connected sources describe an issue where a malicious actor can craft and deliver JavaScript payloads to a user, enabling an attacker to compromise interactions with the vulnerable application and potentially gain control of the us...

6.3 CVSS | 6.1 AI score | 0.0041 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2023/12/13 9:15 a.m. | 3 views

CVE-2023-6718

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...

7.5 CVSS | 5.8 AI score | 0.00855 EPSS
Exploits 0 | References 1
NVD
added 2023/12/13 9:15 a.m. | 14 views

CVE-2023-6718

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...

9.4 CVSS | 0.00855 EPSS
Exploits 0 | References 1
PyPA
added 2023/12/13 9:15 a.m. | 16 views

PYSEC-2023-293

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...

9.4 CVSS | 7.2 AI score | 0.00855 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2023/12/13 9:15 a.m. | 16 views

Authentication flaw

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...

5 CVSS | 7.6 AI score | 0.00855 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2023/12/13 9:15 a.m. | 4 views

PYSEC-2023-293

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 1
Cvelist
added 2023/12/13 9:8 a.m. | 27 views

CVE-2023-6718 Authentication Bypass Using an Alternate Path or Channel in Repox

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...

9.4 CVSS | 9.6 AI score | 0.00855 EPSS
Exploits 0 | References 1