Lucene search
+L

6 matches found

Drupal
Drupal
added 2026/06/24 12:0 a.m.8 views

Advanced Content Feedback (aka admin_feedback) - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-051

This module enables you to collect feedback from your site visitors on content pages, presenting Yes/No buttons and providing dashboards for administrators to review the responses. The module doesn't sufficiently sanitize several administrator-configured response messages the "Yes response", "No...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 5:51 p.m.14 views

Server-side Request Forgery (SSRF)

Overview edx-enterprise is a Your project description goes here Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the syncproviderdata function. An attacker can cause the server to make arbitrary HTTP requests to internal or external resources by supplying a...

8.5CVSS5.9AI score0.00301EPSS
Exploits1References2
Snyk
Snyk
added 2025/11/05 7:52 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...

8.8CVSS6.9AI score0.00276EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/05 7:52 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...

8.8CVSS6.9AI score0.00276EPSS
Exploits0References2
Cisco
Cisco
added 2025/08/27 4:0 p.m.22 views

Cisco UCS Manager Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

5.4CVSS5.9AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/12/03 12:0 a.m.6 views

PT-2020-16169 · Red Hat · Infinispan

Name of the Vulnerable Software and Affected Versions: infinispan version 10 Description: A flaw was found in the infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authorization is enabled, any user with authentication...

6.5CVSS6.3AI score0.01067EPSS
Exploits0References9
Rows per page
Query Builder