26 matches found
CVE-2024-1246 Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...
PT-2024-17603 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 through 9.2.4 Description: The issue is related to insufficient validation of administrator-provided data in the Image URL Import Feature, allowing a rogue administrator to inject malicious code when importing images...
CVE-2022-1977
The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Confluence remote code execution RCE...
Design/Logic Flaw
In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...
Remote Command Execution in git client (CVE-2017-12426)
Remote Command Execution in git client CVE-2017-12426 An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command...