11 matches found
CVE-2024-2731
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users c...
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
Impact: An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. Patches: Users should upgrade to Taguette 1.5.0. References: -...
GHSA-G9QW-G6RV-3889 Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
Impact: An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. Patches: Users should upgrade to Taguette 1.5.0. References: -...
EUVD-2023-26617
Malicious code in bioql PyPI...
CVE-2023-22455
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full...
CVE-2024-2731
CVE-2024-2731 describes an improper access control issue in Mautic-based deployments (cited via Red Hat and CVE records) where users with low privileges can view pages exposing sensitive data (company names, user names/surnames, stage names, monitoring campaigns and their descriptions) and can al...
PT-2024-21812 · Mautic +1 · Mautic
Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue allows users with low privileges to view certain pages that expose sensitive information, including company names, users' names...
Answer cross-site scripting vulnerability
Answer is an open source knowledge-based community software. You can quickly use it to build Q&A communities for your products, customers, teams and more. Answer has a cross-site scripting vulnerability in versions prior to 1.0.6. The vulnerability stems from the fact that when answering added ne...
Cross site scripting
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full...
Discourse cross-site scripting vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that stems from its tag descriptions that can be updated by moderators allowing an attacker to implement cross-sit...
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins Subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored cross-site scripting (XSS) vulnerability, exploitable by attackers with...