4 matches found
Unauthenticated DOM Based XSS in YesWiki
Unauthenticated DOM Based XSS in YesWiki ' . "\n"; if $nbtotal 1 $output .= t'TAGSTOTALNBPAGES', 'nbtotal' = $nbtotal; elseif $nbtotal == 1 $output .= t'TAGSONEPAGEFOUND'; else $output .= t'TAGSNOPAGE'; $output .= !empty$tabselectedtags ? ' ' . t'TAGSWITHKEYWORD' . ' ' . implode' '...
CVE-2023-24812 SQL injection of notes/search-by-tag
Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag notes/search-by-tag. This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to...
CVE-2023-24812
Misskey (open source, decentralized social media platform) has a SQL injection vulnerability in versions prior to 13.3.3 caused by insufficient parameter validation in the note search API (notes/search-by-tag). The issue is fixed in version 13.3.3. Recommendation: upgrade to 13.3.3 or later. If u...
Project-Pier ProjectPier-Core Cross-Site Scripting Vulnerability
Project-Pier ProjectPier-Core is a free open source project management system. Multiple cross-site scripting vulnerabilities exist in Project-Pier ProjectPier-Core. A remote attacker can inject arbitrary web script or HTML by sending the 'searchfor' parameter to the searchbytag.php file,...