17 matches found
Incorrect Authorization
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in the redirectClassNameForKey query parameter handling. An unauthenticated attacker can gain...
CVE-2020-10484
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request...
EUVD-2019-11435
Malware in sbrugna...
CVE-2024-57763
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField...
Atlassian Jira 8.0.2 < 8.7.0 Stored Cross-Site Scripting In Add Field Module
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 8.0.x prior to 8.7.0. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability i...
CVE-2022-44949
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short...
CVE-2019-20900
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. The affected versions are before version 8.7.0...
CVE-2019-20900
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. The affected versions are before version 8.7.0...
Cross site scripting
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. The affected versions are before version 8.7.0...
CVE-2019-20900
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. The affected versions are before version 8.7.0...
Atlassian JIRA Server and Data Center Add Field Module Cross-Site Scripting Vulnerability
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is the server version of a defect tracking management system. The system is mainly used to track and manage all kinds of problems and defects in the workplace.Atlassian JIRA Data...
Stored XSS in Add Field module - CVE-2019-20900
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. Affected versions: version 8.7.0 Fixed versions: 8.7.0...
Stored XSS in Add Field module - CVE-2019-20900
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. Affected versions: version 8.7.0 Fixed versions: 8.7.0...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17207)
Chadha PHPKB is a knowledge base software that keeps information organized, accessible and manageable for internal teams and external clients. A reflected cross-site scripting vulnerability exists in admin/add-field.php in Chadha PHPKB Standard Multilingual Version 9. The vulnerability stems from...
CVE-2020-10484
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request...
CVE-2020-10393
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-field.php by adding a question mark ? followed by the payload...
Bento4 'AP4_PrintInspector::AddField' function buffer overflow vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. A buffer overflow vulnerability exists in the 'AP4PrintInspector::AddField' function in the Core/Ap4Atom.cpp file in Bento4 version 1.5.1.0. The vulnerability stems from a networked system or product performing operations in...