Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2025/01/21 8:8 p.m.12 views

Unauthenticated DOM Based XSS in YesWiki

Unauthenticated DOM Based XSS in YesWiki ' . "\n"; if $nbtotal 1 $output .= t'TAGSTOTALNBPAGES', 'nbtotal' = $nbtotal; elseif $nbtotal == 1 $output .= t'TAGSONEPAGEFOUND'; else $output .= t'TAGSNOPAGE'; $output .= !empty$tabselectedtags ? ' ' . t'TAGSWITHKEYWORD' . ' ' . implode' '...

7.6CVSS6AI score0.00337EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/02/22 7:10 p.m.33 views

CVE-2023-24812 SQL injection of notes/search-by-tag

Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag notes/search-by-tag. This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to...

8.8CVSS10AI score0.0071EPSS
Exploits0References2
CVE
CVE
added 2023/02/22 7:10 p.m.62 views

CVE-2023-24812

Misskey (open source, decentralized social media platform) has a SQL injection vulnerability in versions prior to 13.3.3 caused by insufficient parameter validation in the note search API (notes/search-by-tag). The issue is fixed in version 13.3.3. Recommendation: upgrade to 13.3.3 or later. If u...

9.8CVSS9.7AI score0.0071EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/02/06 12:0 a.m.5 views

Project-Pier ProjectPier-Core Cross-Site Scripting Vulnerability

Project-Pier ProjectPier-Core is a free open source project management system. Multiple cross-site scripting vulnerabilities exist in Project-Pier ProjectPier-Core. A remote attacker can inject arbitrary web script or HTML by sending the 'searchfor' parameter to the searchbytag.php file,...

6.1CVSS6.1AI score0.01084EPSS
Exploits1References1
Rows per page
Query Builder