107 matches found
CVE-2025-65089
CVE-2025-65089 affects XWiki Remote Macros. Prior to version 1.27.0, a user with no view rights on a page could see the content of an office attachment rendered via the view file macro. This is a data leak due to mis-authorization in the macro rendering path. The issue has been patched in version...
CVE-2025-65089 XWiki view file macro: User can view content of office file without view rights on the attachment
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...
Pro Macros 安全漏洞
Pro Macros is an XWiki enhancement plugin open-sourced by XWiki SAS. A security vulnerability exists in versions of Pro Macros prior to 1.27.0, which originates from the possibility that a user without view privileges may view the contents of office attachments via the view file macro...
XWiki view file macro: User can view content of office file without view rights on the attachment
Summary A user with no view rights on a page may see the content of an office attachment displayed with the view file macro. Details If on a public page is displayed an office attachment from a restricted page, a user with no view rights on the restricted page can view the attachment content, no...
GHSA-8C52-X9W7-VC95 XWiki view file macro: User can view content of office file without view rights on the attachment
Summary A user with no view rights on a page may see the content of an office attachment displayed with the view file macro. Details If on a public page is displayed an office attachment from a restricted page, a user with no view rights on the restricted page can view the attachment content, no...
PT-2025-47417
Name of the Vulnerable Software and Affected Versions XWiki versions prior to 1.27.0 Description A user lacking view permissions on a page may be able to access the content of an office attachment displayed using the view file macro. This occurs when an office attachment from a restricted page is...
CmsEasy 代码注入漏洞
CmsEasy is a content management system CMS for creating responsive websites from China's CmsEasy company. A code injection vulnerability exists in CmsEasy 7.7.7 and earlier versions, which stems from improper manipulation of the parameter PHPSELF in the file lib/inc/view.php in the component URL...
EUVD-2025-26651
Malicious code in bioql PyPI...
EUVD-2025-28998
Malicious code in bioql PyPI...
CVE-2025-10799
A security flaw has been discovered in code-projects Hostel Management System 1.0. The affected element is an unknown function of the file /justines/admin/modreservation/index.php?view=view. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is...
CVE-2025-10780
A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument barcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...
CVE-2025-10780 CodeAstro Simple Pharmacy Management view.php sql injection
A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument barcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...
CVE-2025-10273
A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. The exploit is publicly available and might be used. The vendor was contacted early about th...
CVE-2025-10273
A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. The exploit is publicly available and might be used. The vendor was contacted early about th...
CVE-2025-9929
A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogsview.php. Executing manipulation of the argument productcode/genname/productname/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...
Code-Projects Responsive Blog Site 代码注入漏洞
Code-Projects Responsive Blog Site is a Code-Projects open source responsive blog site. Code-Projects Responsive Blog Site version 1.0 suffers from a code injection vulnerability that stems from improper manipulation of the parameters productcode/genname/productname/supplier in the file...
PT-2025-35837
Name of the Vulnerable Software and Affected Versions: code-projects Responsive Blog Site version 1.0 Description: A weakness exists in code-projects Responsive Blog Site 1.0, affecting an unknown function within the blogs view.php file. Manipulation of the product code, gen name, product name, o...
CVE-2024-3530
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file Marksview.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be initiated...
CVE-2024-5381
A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The...
CVE-2024-5236
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teachersalaryinvoice1.php. The manipulation of the argument date leads to sql injection. The attack can be...