Lucene search
+L

380 matches found

OSV
OSV
added 2021/12/13 11:15 a.m.5 views

CVE-2021-24756

The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs...

6.1CVSS5.8AI score0.01322EPSS
Exploits2References1
CVE
CVE
added 2021/12/13 10:40 a.m.58 views

CVE-2021-24756

The WP System Log plugin (WordPress) before version 1.0.21 does not sanitize, validate, or escape the IP address parsed from login requests, allowing an unauthenticated attacker to trigger Cross‑Site Scripting in admins viewing the Activity/Log dashboard. A fix is to upgrade to 1.0.21 or newer (r...

6.1CVSS6AI score0.01322EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.3 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WP System Log plugin is a WordPress open source application plugin. WordPress WP System Log plugin in versions pri...

6.1CVSS5.7AI score0.01322EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2021/11/23 12:0 a.m.7 views

The vulnerability in the web interface for managing device information on the Cisco Common Services Platform Collector allows a malicious actor to enhance their privileges within the system.

The vulnerability of the Web interface for collecting device information on Cisco Common Services Platform Collector is related to an incorrect configuration of the system log. Exploiting this vulnerability allows a malicious actor to specify files other than logs as sources for the system log...

6.1CVSS5.6AI score0.01065EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/11/15 12:0 a.m.16 views

WordPress WP System Log plugin <= 1.0.20 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by wzy-ceb Attack defense in WordPress WP System Log plugin versions = 1.0.20. Solution Update the WordPress WP System Log plugin to the latest available version at least 1.0.21...

6.1CVSS2.2AI score0.01322EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2021/07/01 5:0 p.m.55 views

GHSA-H58V-C6RF-G9F7 Cross site scripting in the system log

Impact It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end. Patches Update to Contao 4.9.16 or 4.11.5. Workarounds Disable the system log module in the back end for all users especially admin users. References...

6.1CVSS6.2AI score0.0074EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/07/01 5:0 p.m.57 views

Cross site scripting in the system log

Impact It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end. Patches Update to Contao 4.9.16 or 4.11.5. Workarounds Disable the system log module in the back end for all users especially admin users. References...

6.1CVSS6.2AI score0.0074EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2021/06/24 4:21 a.m.18 views

Cross-site Scripting (XSS)

contao/core-bundle is vulnerable to cross site scripting. The vulnerability exists due to an insecure tllog table which will execute injected code in the browser when the system log is called in the back end...

6.1CVSS1.9AI score0.0074EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/06/23 11:15 a.m.27 views

CVE-2021-35210

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end...

6.1CVSS0.0074EPSS
Exploits0References2
Prion
Prion
added 2021/06/23 11:15 a.m.15 views

Design/Logic Flaw

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end...

4.3CVSS6.2AI score0.0074EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/06/23 9:34 a.m.30 views

CVE-2021-35210

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end...

6.5AI score0.0074EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/06/23 12:0 a.m.6 views

Contao 跨站脚本漏洞

Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that allows an attacker to inject code into the tllog table, which will be executed in th...

6.1CVSS6.1AI score0.0074EPSS
Exploits0References4
NVD
NVD
added 2021/04/28 2:15 a.m.33 views

CVE-2021-31815

GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...

3.3CVSS0.00131EPSS
Exploits1References2
Prion
Prion
added 2021/04/28 2:15 a.m.17 views

Design/Logic Flaw

GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...

2.1CVSS4.1AI score0.00131EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/04/28 1:52 a.m.28 views

CVE-2021-31815

GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...

4.2AI score0.00131EPSS
Exploits1References2
AlmaLinux
AlmaLinux
added 2021/04/06 1:30 p.m.22 views

pcs bug fix and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Bug Fixes and Enhancements: Pcsd logs to system log by mistake BZ1919318...

2.1AI score
Exploits0
OSV
OSV
added 2021/03/09 5:15 p.m.7 views

CVE-2020-8356

An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture FFDC service log. The FFDC...

4.9CVSS5.8AI score0.00542EPSS
Exploits0References1
NVD
NVD
added 2021/01/20 8:15 p.m.26 views

CVE-2021-1283

A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...

5.5CVSS5.1AI score0.00284EPSS
Exploits0References1
Prion
Prion
added 2021/01/20 8:15 p.m.22 views

Design/Logic Flaw

A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...

2.1CVSS5.1AI score0.00284EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/01/20 7:56 p.m.63 views

CVE-2021-1283

Cisco Data Center Network Manager (DCNM) is affected by an information-disclosure vulnerability in its logging subsystem. The issue arises because sensitive data is not properly masked before being written to system log files, allowing an authenticated, local attacker with valid credentials to vi...

5.5CVSS5AI score0.00284EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder