262 matches found
Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. Yet Another Build Visualizer Plugin 1.12 escapes tooltip content...
CVE-2022-24900 Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
CVE-2022-24900
CVE-2022-24900 affects Piano LED Visualizer 1.3 and earlier, where an insecure os.path.join allows path traversal when combined with untrusted input. If an absolute path is supplied, os.path.join discards the prior path and passes the result to flask.send_file, enabling access to unintended files...
Piano LED Visualizer security vulnerability
Piano LED Visualizer is a piano playing software. A security vulnerability exists in Piano LED Visualizer version 1.3 and prior versions that stems from an insecure os.path.join when using untrusted input...
PT-2022-16970 · Flask +1
Name of the Vulnerable Software and Affected Versions: Piano LED Visualizer versions 1.3 and prior Description: The issue concerns a path traversal attack. The os.path.join call is unsafe for use with untrusted input, as it ignores all parameters encountered before an absolute path and starts...
Exploit for Code Injection in Elastic Kibana
CVE-2019-7609 Kibana versions before 5.6.15 and 6.6.1 contain...
VulnCheck KEV: CVE-2019-7609
Kibana contains an arbitrary code execution flaw in the Timelion visualizer...
CVE-2020-2236
Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission...
CVE-2020-2236
The CVE-2020-2236 entry concerns Jenkins’ Yet Another Build Visualizer Plugin. Versions 1.11 and earlier are vulnerable to stored XSS because tooltip content is not escaped, exploitable by users with Run/Update permission. The issue is addressed by updating to version 1.12 or later, which escapes...
Umbraco CMS 7.12.4 Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Umbraco CMS - Authenticated Remote Code Execution Exploit Author: Alexandre ZANNI noraj Based on: https://www.exploit-db.com/exploits/46153 Vendor Homepage: http://www.umbraco.com/ Software Link:...
Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
Aaia helps in visualizing AWS IAM and Organizations in a graph format with the help of Neo4j. This makes it easy to identify outliers. Since it is based on Neo4j, one can query the graph using Cypher queries to find anomalies. Aaia also supports modules to...
WordPress Visualizer Server-Side Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The Visualizer plugin is a chart management plugin used in it. A server-side request forgery vulnerability exists in WordPress Visualizer...
Elastic Kibana < 5.6.15, 6.x.x < 6.6.1 RCE Vulnerability - Active Check
Kibana contains an arbitrary code execution flaw in the Timelion visualizer. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Kibana 5.x < 5.6.15 / 6.x < 6.6.1 Multiple Vulnerabilities
Exploit for Code Injection in Elastic Kibana
PoC exploit for CVE-2019-7609, an RCE vulnerability in Kibana ve...
CVE-2019-16931
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...
Cross site scripting
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...
CVE-2019-16931
The WordPress Visualizer plugin (versions prior to 3.3.1; affected entry cites 3.3.0) contains a stored XSS via the WP-JSON API endpoint /wp-json/visualizer/v1/update-chart. The root cause is that Block.php registers this endpoint with no access control and Data.php lacks output sanitization, all...