
528 matches found

CNVD
added 2021/04/08 12:0 a.m. | 6 views

Kagemai Cross-Site Request Forgery Vulnerability

Kagemai is a defect tracking system used to share information about defects in software under development between development teams. A cross-site request forgery vulnerability exists in Kagemai 0.8.8. An attacker can exploit this vulnerability to hijack administrator authentication...

CVSS 8.8 | AI score 6.4 | EPSS 0.00558
Exploits: 0 | References: 1
CNVD
added 2021/03/29 12:0 a.m. | 6 views

SourceForge Kagemai Cross-Site Scripting Vulnerability (CNVD-2021-24011)

SourceForge Kagemai is a Japanese open source, web-based bug tracking system (BTS). Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary script in a user's web browser...

CVSS 6.1 | AI score 6.5 | EPSS 0.00756
Exploits: 0 | References: 1
CNVD
added 2021/03/29 12:0 a.m. | 7 views

SourceForge Kagemai Cross-Site Scripting Vulnerability

SourceForge Kagemai is a Japanese open source, web-based bug tracking system (BTS). Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that could allow an attacker to execute arbitrary script in a user's web browser...

CVSS 6.1 | AI score 6.6 | EPSS 0.00756
Exploits: 0 | References: 1
CNNVD
added 2021/03/25 12:0 a.m. | 5 views

Revive Adserver Cross-Site Scripting Vulnerability

Revive Adserver is an open source ad server under the GNU General Public License with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in the statsBreakdown parameter in stats.php ...

CVSS 6.5 | AI score 5.4 | EPSS 0.3633
Exploits: 1 | References: 4
CNNVD
added 2021/03/25 12:0 a.m. | 4 views

SourceForge Kagemai Cross-Site Scripting Vulnerability

SourceForge Kagemai is a Japanese open source, web-based bug tracking system (BTS). Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that could allow an attacker to execute arbitrary script in a user's web browser...

CVSS 6.1 | AI score 5.6 | EPSS 0.00756
Exploits: 0 | References: 3
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m. | 52 views

JVN#11438679: Kagemai vulnerable to cross-site request forgery

Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site request forgery vulnerability (CWE-352) which allows unintended operations if a user with an administrative privilege views a...

CVSS 8.8 | AI score 8.7 | EPSS 0.00558
Exploits: 0
CNVD
added 2021/03/03 12:0 a.m. | 7 views

MantisBT Cross-Site Scripting Vulnerability (CNVD-2021-14399)

MantisBT is a web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A security vulnerability exists in MantisBT 2.24.3 and earlier versions, which stems from a custom field name n...

CVSS 6.1 | AI score 6.6 | EPSS 0.00665
Exploits: 0 | References: 1
CNVD
added 2021/02/23 12:0 a.m. | 9 views

Atlassian Jira Server Template Injection Vulnerability

Atlassian JIRA Server is the server version of a defect tracking management system from Atlassian Australia. The system is mainly used for tracking and managing all kinds of issues and defects in the workplace. Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 suffer...

CVSS 9 | AI score 8.1 | EPSS 0.02714
Exploits: 0 | References: 1
OSV
added 2021/02/02 8:15 p.m. | 15 views

CVE-2021-21292

Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their...

CVSS 6.3 | AI score 6.7
Exploits: 0 | References: 3
CNVD
added 2021/01/19 12:0 a.m. | 5 views

OpenCATS Cross-Site Scripting Vulnerability (CNVD-2021-09918)

OpenCATS is a free open source candidate/applicant tracking system designed to allow recruiters to manage the hiring process from job posting and candidate application to candidate selection and submission. A cross-site scripting vulnerability exists in OpenCATS 0.9.5-3 and earlier versions. An...

CVSS 6.1 | AI score 6.3 | EPSS 0.01522
Exploits: 1 | References: 1
CVE
added 2020/09/30 8:33 p.m. | 58 views

CVE-2020-25830

CVE-2020-25830 affects MantisBT before 2.24.3. The root cause is improper escaping of a custom field name, permitting HTML injection and, if CSP allows, arbitrary JavaScript execution when updating that custom field via bug_actiongroup_page.php. Evidence in multiple sources ties this to an XSS ri...

CVSS 4.8 | AI score 5.2 | EPSS 0.01611
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2020/07/14 9:15 p.m. | 12 views

CVE-2020-5246

Traccar GPS Tracking System before version 4.9 has an LDAP injection vulnerability. It occurs when user input is used in an LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances wit...

CVSS 7.7 | EPSS 0.00852
Exploits: 0 | References: 2
OSV
added 2020/07/14 9:15 p.m. | 11 views

CVE-2020-5246

Traccar GPS Tracking System before version 4.9 has an LDAP injection vulnerability. It occurs when user input is used in an LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances wit...

CVSS 6.5 | AI score 7.4
Exploits: 0 | References: 2
Cvelist
added 2020/07/14 8:42 p.m. | 20 views

CVE-2020-5246 LDAP injection vulnerability in Traccar GPS Tracking System

Traccar GPS Tracking System before version 4.9 has an LDAP injection vulnerability. It occurs when user input is used in an LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances wit...

CVSS 7.7 | AI score 7.8 | EPSS 0.00852
Exploits: 0 | References: 2
Fedora
added 2020/05/14 2:37 a.m. | 40 views

[SECURITY] Fedora 32 Update: glpi-9.4.6-1.fc32

GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

CVSS 9.3 | AI score 3 | EPSS 0.07608
Exploits: 1
Fedora
added 2019/11/25 2:33 a.m. | 28 views

[SECURITY] Fedora 29 Update: koji-1.19.1-1.fc29

Koji is a system for building and tracking RPMS. The base package contains shared libraries and the command-line interface...

CVSS 6.5 | AI score 2.4 | EPSS 0.02793
Exploits: 0
Fedora
added 2019/10/03 12:37 a.m. | 12 views

[SECURITY] Fedora 31 Update: glpi-9.4.4-1.fc31

GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

AI score 3
Exploits: 0
CNVD
added 2019/07/16 12:0 a.m. | 1 views

Open-source Ticket Request System Help Desk Privilege Vulnerability

Open-source Ticket Request System (OTRS) is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...

CVSS 6.5 | AI score 5.2 | EPSS 0.02018
Exploits: 0 | References: 1
Fedora
added 2019/07/02 2:30 a.m. | 11 views

[SECURITY] Fedora 29 Update: glpi-9.3.4-2.fc29

GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

AI score 3
Exploits: 0
Fedora
added 2019/07/01 1:9 a.m. | 16 views

[SECURITY] Fedora 30 Update: glpi-9.4.3-1.fc30

GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

AI score 3
Exploits: 0