48 matches found

CNNVD
added 2023/10/22 12:0 a.m. | 3 views

Torchbox Wagtail Path Traversal Vulnerability

Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A security vulnerability exists in Wagtail CRX CodeRed Extensions CodeRed CMS/coderedcms versions prior to 0.22.3, which stems from a path traversal allowed by views.py when serving protected media...

CVSS 6.5 | AI score 6.7 | EPSS 0.0071
Exploits 1 | References 4

Veracode
added 2023/08/24 10:46 a.m. | 21 views

Open Redirect

Horizon is vulnerable to Open Redirect. The vulnerability is due to improper validation of URL redirects in the getcontextdata function of views.py, which allows an attacker to redirect a user to a malicious URL...

CVSS 6.1 | AI score 6.1 | EPSS 0.00674
Exploits 0 | References 7 | Affected Software 1

NVD
added 2023/01/17 1:15 p.m. | 21 views

CVE-2015-10060

A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The identifier of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is...

CVSS 9.8 | AI score 7 | EPSS 0.00676
Exploits 0 | References 3

Cvelist
added 2023/01/17 12:58 p.m. | 13 views

CVE-2015-10060 MNBikeways database views.py sql injection

A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The identifier of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is...

CVSS 5.5 | AI score 10 | EPSS 0.00676
Exploits 0 | References 3

CVE
added 2023/01/17 12:58 p.m. | 47 views

CVE-2015-10060

CVE-2015-10060 affects the MNBikeways database. The vulnerability is a SQL injection in the processing of Data/views.py caused by manipulating the id1/id2 parameters. A patch with hash 829a027aca7c17f5a7ec1addca8dd5d5542f86ac exists. Connected sources confirm this issue and its patch; no exploita...

CVSS 9.8 | AI score 8 | EPSS 0.00676
Exploits 0 | References 3 | Affected Software 1

Prion
added 2023/01/16 7:15 p.m. | 13 views

Sql injection

A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to sql injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7bd25f. It is recommended to apply a patch ...

CVSS 7.5 | AI score 7.9 | EPSS 0.00672
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2023/01/16 6:58 p.m. | 3 views

CVE-2015-10056 2071174A vinylmap views.py contact sql injection

A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to sql injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7bd25f. It is recommended to apply a patch ...

CVSS 5.5 | AI score 9.9 | EPSS 0.00672
Exploits 0 | References 3

CVE
added 2023/01/16 6:58 p.m. | 62 views

CVE-2015-10056

CVE-2015-10056 affects vinylmap version 2071174A, specifically the contact function in recordstoreapp/views.py, where input handling leads to SQL injection. The vulnerability is tied to the patch named b07b79a1e92cc62574ba0492cce000ef4a7bd25f, and several sources recommend applying this patch to ...

CVSS 9.8 | AI score 7.9 | EPSS 0.00672
Exploits 0 | References 3 | Affected Software 1

Veracode
added 2023/01/05 6:28 a.m. | 49 views

Cross-site Scripting (XSS)

graphite-web is vulnerable to cross-site scripting. The vulnerability exists because the views.py does not properly escape the template name attribute before being rendered, allowing an attacker to inject and execute malicious JavaScript...

CVSS 5.4 | AI score 5.4 | EPSS 0.00733
Exploits 1 | References 5 | Affected Software 2

Cvelist
added 2022/12/17 12:0 a.m. | 18 views

CVE-2022-4589 cyface Terms and Conditions Module views.py returnTo redirect

A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00453
Exploits 0 | References 4

Veracode
added 2022/11/03 4:42 a.m. | 34 views

Cross-Site Scripting (XSS)

apacheairflow is vulnerable to cross-site scripting. The vulnerability is due to the origin query argument in the getsafeurl function of views.py which allows an attacker to inject and execute arbitrary scripts...

CVSS 6.1 | AI score 6.2 | EPSS 0.01435
Exploits 0 | References 4 | Affected Software 1

NVD
added 2022/10/18 3:15 p.m. | 22 views

CVE-2022-41547

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

CVSS 7.5 | EPSS 0.012
Exploits 1 | References 2

OSV
added 2022/10/18 3:15 p.m. | 14 views

CVE-2022-41547

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

CVSS 7.5 | AI score 7.4
Exploits 0 | References 2

Cvelist
added 2022/10/18 12:0 a.m. | 25 views

CVE-2022-41547

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

AI score 7.5 | EPSS 0.012
Exploits 1 | References 2

CVE
added 2022/10/18 12:0 a.m. | 57 views

CVE-2022-41547

MobSF (Mobile Security Framework) is affected up to version 0.9.2, with a local file inclusion (LFI) vulnerability in StaticAnalyzer/views.py that allows reading arbitrary files via a crafted HTTP request. The CVE notes a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector, no authentic...

CVSS 7.5 | AI score 7.3 | EPSS 0.012
Exploits 1 | References 2 | Affected Software 1

Veracode
added 2022/05/20 4:17 a.m. | 20 views

Cross-site Scripting (XSS)

OctoPrint is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation in the redirecturl parameter in the login function of views.py, allowing an attacker to inject and execute malicious JavaScript by redirecting to malicious URLs...

CVSS 7.5 | AI score 7.1 | EPSS 0.01275
Exploits 1 | References 4 | Affected Software 1

Veracode
added 2022/03/11 4:48 a.m. | 38 views

Remote Code Execution (RCE)

gerapy is vulnerable to remote code execution. An attacker can inject and execute malicious commands through the projectconfigure function of views.py...

AI score 3.5
Exploits 6 | References 4 | Affected Software 1

GitHub Security Blog
added 2021/08/30 4:25 p.m. | 44 views

Improper Restriction of XML External Entity Reference in Quokka

XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...

CVSS 9.8 | AI score 9.5 | EPSS 0.02771
Exploits 1 | References 5 | Affected Software 1

OSV
added 2021/08/16 6:15 p.m. | 22 views

PYSEC-2021-145

XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...

CVSS 9.8 | AI score 7.8 | EPSS 0.02771
Exploits 1 | References 2

Prion
added 2021/08/16 6:15 p.m. | 8 views

Xxe

XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...

CVSS 7.5 | AI score 9.7 | EPSS 0.02771
Exploits 1 | References 1 | Affected Software 1