32 matches found
GHSA-QV78-C8HC-438R OpenMage vulnerable to XSS in Admin Notifications
Summary OpenMage versions v20.15.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts into vulnerable fields. Malicious JavaScript may be execute...
OpenMage vulnerable to XSS in Admin Notifications
Summary OpenMage versions v20.15.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts into vulnerable fields. Malicious JavaScript may be execute...
EUVD-2023-46164
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-12276
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. CVE-2020-12276 Note that Nessus relies on the presence of the package as...
Feed Them Social < 4.2.1 - Cross-Site Request Forgery via review_nag_check
Description The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.0. This is due to missing or incorrect nonce validation on the 'reviewnagcheck' function. This makes it possible for...
10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status
Description The 10WebAnalytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gawdwdbpinstallnoticestatus function in versions up to, and including, 1.2.12. This makes it possible for authenticated attackers, with subscriber-level...
PT-2023-28042 · WordPress · Hide Admin Notices – Admin Notification Center
Name of the Vulnerable Software and Affected Versions: Rémi Leclercq Hide admin notices – Admin Notification Center plugin versions prior to 2.3.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user in...
jeesite 安全漏洞
Zhuo source software Jeesite is China's Zhuo source software company of a set of open source Java EE enterprise-class rapid development platform . The platform includes system permissions components, data permissions components, data dictionary components, core tools components, view manipulation...
GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets
GitHub has announced the general availability of a new security feature called push protection , which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ag...
Cross site scripting
CloudSchool v3.0.1 is vulnerable to Cross Site Scripting XSS. A normal user can steal session cookies of the admin users through notification received by the admin user...
UBUNTU-CVE-2020-12276
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature...
PT-2020-13089 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 9.5.9 through 12.9 Description: The issue concerns a stored XSS vulnerability in an admin notification feature. This allows for malicious code to be stored and executed when the notification is viewed by an administrator...