Torchbox Wagtail Path Traversal Vulnerability
Torchbox Wagtail is an open source content management system (CMS) from Torchbox (UK). A security vulnerability exists in Wagtail CRX CodeRed Extensions CodeRed CMS/coderedcms versions prior to 0.22.3, which stems from a path traversal allowed by views.py when serving protected media...
Open Redirect
Horizon is vulnerable to open redirect. The vulnerability is due to improper validation of URL redirects in the getcontextdata function of views.py, which allows an attacker to redirect a user to a malicious URL...
CVE-2015-10060
A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to SQL injection. The identifier of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is...
CVE-2015-10060 MNBikeways database views.py SQL injection
A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to SQL injection. The identifier of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is...
CVE-2015-10060
CVE-2015-10060 affects the MNBikeways database. The vulnerability is a SQL injection in the processing of Data/views.py caused by manipulating the id1/id2 parameters. A patch with hash 829a027aca7c17f5a7ec1addca8dd5d5542f86ac exists. Connected sources confirm this issue and its patch; no exploita...
SQL injection
A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to SQL injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7bd25f. It is recommended to apply a patch ...
CVE-2015-10056 2071174A vinylmap views.py contact SQL injection
A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to SQL injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7bd25f. It is recommended to apply a patch ...
CVE-2015-10056
CVE-2015-10056 affects vinylmap version 2071174A, specifically the contact function in recordstoreapp/views.py, where input handling leads to SQL injection. The vulnerability is tied to the patch named b07b79a1e92cc62574ba0492cce000ef4a7bd25f, and several sources recommend applying this patch to ...
Cross-site Scripting (XSS)
graphite-web is vulnerable to cross-site scripting. The vulnerability exists because views.py does not properly escape the template name attribute before it is rendered, allowing an attacker to inject and execute malicious JavaScript...
CVE-2022-4589 cyface Terms and Conditions Module views.py returnTo redirect
A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading ...
Cross-Site Scripting (XSS)
apacheairflow is vulnerable to cross-site scripting. The vulnerability is due to the origin query argument in the getsafeurl function of views.py, which allows an attacker to inject and execute arbitrary scripts...
CVE-2022-41547
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...
CVE-2022-41547
MobSF (Mobile Security Framework) is affected up to version 0.9.2, with a local file inclusion (LFI) vulnerability in StaticAnalyzer/views.py that allows reading arbitrary files via a crafted HTTP request. The CVE notes a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector, no authentic...
Cross-site Scripting (XSS)
OctoPrint is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation of the redirecturl parameter in the login function of views.py, allowing an attacker to inject and execute malicious JavaScript by redirecting to malicious URLs...
Remote Code Execution (RCE)
gerapy is vulnerable to remote code execution. An attacker can inject and execute malicious commands through the projectconfigure function of views.py...
Improper Restriction of XML External Entity Reference in Quokka
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...
PYSEC-2021-145
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...
XXE
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...