Lucene search
K

344 matches found

OSV
OSV
added 2024/11/29 6:45 p.m.20 views

CVE-2024-53864 Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui

Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...

5.3CVSS5.9AI score0.00511EPSS
Exploits0References6
NVD
NVD
added 2024/11/26 5:15 a.m.12 views

CVE-2024-53278

Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen...

4.8CVSS0.00369EPSS
Exploits0References3
CVE
CVE
added 2024/11/26 4:33 a.m.42 views

CVE-2024-53278

CVE-2024-53278 is a stored cross-site scripting vulnerability in the WordPress plugin WP Admin UI Customize . Affected versions are those prior to 1.5.14 . If a malicious admin user customizes the admin screen with crafted content, an arbitrary script can be executed in the web browser of other u...

4.8CVSS6.7AI score0.00369EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/26 4:33 a.m.17 views

CVE-2024-53278

Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen...

4.8CVSS0.00369EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/26 4:33 a.m.10 views

CVE-2024-53278

Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen...

4.8CVSS6.7AI score0.00369EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.3 views

WordPress plugin WP Admin UI Customize 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS5.5AI score0.00369EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/11/20 10:46 p.m.33 views

Searching Opencast may cause a denial of service

Impact First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11.4 and newer, Elasticsearch queries are retried a configurable number of times in...

7.5CVSS6.5AI score0.00884EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.4 views

WordPress plugin WPForms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS8.3AI score0.00276EPSS
Exploits0References4
OSV
OSV
added 2024/09/04 6:7 p.m.16 views

GHSA-C34R-238X-F7QX Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Summary The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...

9.1CVSS9.2AI score0.01342EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/09/04 6:7 p.m.21 views

Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Summary The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...

9.1CVSS9AI score0.01342EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/09/04 4:15 p.m.38 views

CVE-2024-45053

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

9.1CVSS0.01342EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/04 4:4 p.m.13 views

CVE-2024-45053 Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

9.1CVSS8.6AI score0.01342EPSS
Exploits1References2
CVE
CVE
added 2024/09/04 4:4 p.m.52 views

CVE-2024-45053

Fides (open‑source privacy engineering platform) is affected by a Server‑Side Template Injection in the Email Templating feature using Jinja2, allowing Remote Code Execution by privileged Admin UI users. Cloaked between versions 2.19.0 and before 2.44.0, the issue arises from insufficient input s...

9.1CVSS8.8AI score0.01342EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/09/04 4:4 p.m.24 views

CVE-2024-45053 Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

9.1CVSS7.9AI score0.01342EPSS
Exploits1References4
Veracode
Veracode
added 2024/08/05 2:53 p.m.8 views

Cross-site Scripting (XSS)

ezsystems/ezplatform-admin-ui is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of filenames, allowing XSS payloads to be executed during file upload...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/08/02 9:12 p.m.49 views

Reposilite artifacts vulnerable to Stored Cross-site Scripting

Summary Reposilite v3.5.10 is affected by Stored Cross-Site Scripting XSS when displaying artifact's content in the browser. Details As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The...

7.1CVSS6.8AI score0.00783EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/07/31 5:1 p.m.7 views

GHSA-GC5H-6JX9-Q2QH eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget

Impact The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the required permission. It is not persistent, i.e. the payload is only executed during the uploa...

5.4CVSS5.1AI score0.00363EPSS
Exploits0References5
NVD
NVD
added 2024/07/31 4:15 p.m.40 views

CVE-2024-39318

The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have t...

5.4CVSS0.00363EPSS
Exploits0References5
CVE
CVE
added 2024/07/31 3:38 p.m.108 views

CVE-2024-39318

The CVE-2024-39318 entry maps to a concrete DOM-based XSS in the Ibexa Admin UI Bundle file-upload widget. The vulnerability stems from insufficient sanitization of filenames, allowing XSS payloads to be executed during upload when the attacker has upload-permission (typically authenticated edito...

5.4CVSS6AI score0.00363EPSS
Exploits0References5
OSV
OSV
added 2024/07/31 3:38 p.m.25 views

CVE-2024-39318 Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget

The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have t...

5.4CVSS6AI score0.00363EPSS
Exploits0References7
Rows per page
Query Builder