Lucene search
K

32 matches found

OSV
OSV
added 2025/11/03 8:24 p.m.8 views

GHSA-QV78-C8HC-438R OpenMage vulnerable to XSS in Admin Notifications

Summary OpenMage versions v20.15.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts into vulnerable fields. Malicious JavaScript may be execute...

4.6CVSS5.3AI score0.00216EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/11/03 8:24 p.m.7 views

OpenMage vulnerable to XSS in Admin Notifications

Summary OpenMage versions v20.15.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts into vulnerable fields. Malicious JavaScript may be execute...

4.8CVSS5.3AI score0.00216EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-46164

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00214EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-12276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. CVE-2020-12276 Note that Nessus relies on the presence of the package as...

4.8CVSS5.2AI score0.00552EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.13 views

Feed Them Social < 4.2.1 - Cross-Site Request Forgery via review_nag_check

Description The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.0. This is due to missing or incorrect nonce validation on the 'reviewnagcheck' function. This makes it possible for...

4CVSS6.6AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status

Description The 10WebAnalytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gawdwdbpinstallnoticestatus function in versions up to, and including, 1.2.12. This makes it possible for authenticated attackers, with subscriber-level...

9.2AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/09 12:0 a.m.5 views

PT-2023-28042 · WordPress · Hide Admin Notices – Admin Notification Center

Name of the Vulnerable Software and Affected Versions: Rémi Leclercq Hide admin notices – Admin Notification Center plugin versions prior to 2.3.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user in...

8.8CVSS8.8AI score0.00214EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/28 12:0 a.m.5 views

jeesite 安全漏洞

Zhuo source software Jeesite is China's Zhuo source software company of a set of open source Java EE enterprise-class rapid development platform . The platform includes system permissions components, data permissions components, data dictionary components, core tools components, view manipulation...

4.3CVSS5.2AI score0.00383EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2023/05/11 5:1 a.m.3 views

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets

GitHub has announced the general availability of a new security feature called push protection , which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ag...

6.8AI score
Exploits0
Prion
Prion
added 2023/01/30 3:15 p.m.16 views

Cross site scripting

CloudSchool v3.0.1 is vulnerable to Cross Site Scripting XSS. A normal user can steal session cookies of the admin users through notification received by the admin user...

4.9CVSS5.3AI score0.00602EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/04/29 5:15 p.m.3 views

UBUNTU-CVE-2020-12276

GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature...

4.8CVSS5.8AI score0.00552EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/04/29 12:0 a.m.4 views

PT-2020-13089 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 9.5.9 through 12.9 Description: The issue concerns a stored XSS vulnerability in an admin notification feature. This allows for malicious code to be stored and executed when the notification is viewed by an administrator...

4.8CVSS4.8AI score0.00552EPSS
Exploits0References9
Rows per page
Query Builder