YAFNET 跨站脚本漏洞

YAFNET is an ASP.NET open-source forum solution developed by YAFNET’s individual developers. Versions of YAFNET prior to 4.0.5 and 3.2.12 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient HTML cleaning or output encoding during postings and replies, whic...

YAFNET 跨站脚本漏洞

YAFNET is an ASP.NET open-source forum solution developed by YAFNET’s developers. Versions of YAFNET prior to 4.0.5 and 3.2.12 contained a cross-site scripting vulnerability. This vulnerability stemmed from the database logging mechanism serializing user agent headers as JSON without encoding the...

YAFNET SQL注入漏洞

YAFNET is an ASP.NET open-source forum solution developed by YAFNET’s individual developers. Versions of YAFNET prior to 4.0.5 contained a SQL injection vulnerability. This vulnerability stems from the OnPost handler redirection of responses after executing side effects, which could allow...

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

Issue Details: YAFNET's only admin authorization gate is PageSecurityCheckAttribute, implemented as a ResultFilterAttribute that runs after the page handler completes rather than before it. No other gate exists. Any admin OnPost… handler therefore executes its side effects before the filter...

EUVD-2023-12594

Malicious code in bioql PyPI...

EUVD-2023-12684

Malicious code in bioql PyPI...

CVE-2023-0549

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. T...

CVE-2023-0650

A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2023-0650

A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2023-0650

A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

Cross site scripting

A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2023-0650

Vulnerability summary (CVE-2023-0650) : YAFNET versions up to 3.1.11 contain a cross-site scripting flaw in the Signature Handler component. The issue can be exploited remotely and an exploit has been disclosed publicly. Upgrading to version 3.1.12 addresses the issue; the patch is identified by ...

CVE-2023-0650 YAFNET Signature cross site scripting

A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

PT-2023-16427 · Yafnet · Yafnet

Name of the Vulnerable Software and Affected Versions: YAFNET versions up to 3.1.11 Description: A vulnerability was found in the Signature Handler component of YAFNET, which can lead to cross-site scripting. The attack may be initiated remotely. The issue affects some unknown processing of this...

YAFNET 跨站脚本漏洞

YAFNET is an ASP.NET open source forum solution for YAFNET individual developers. A cross-site scripting vulnerability exists in YAFNET versions prior to 3.1.11, which stems from unknown handling of the component Signature Handler, resulting in cross-site scripting XSS...

CVE-2023-0549

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. T...

CVE-2023-0549

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. T...

Cross site scripting

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. T...

CVE-2023-0549

The CVE-2023-0549 issue affects YAFNET up to version 3.1.10 in the Private Message Handler’s /forum/PostPrivateMessage processing. The root cause is manipulation of the subject and message parameters, leading to cross-site scripting. The vulnerability can be triggered remotely; the exploit has be...

CVE-2023-0549 YAFNET Private Message PostPrivateMessage cross site scripting

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. T...