177 matches found
BIT-DOLIBARR-2020-11823
In Dolibarr 10.0.6, if USERLOGINFAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin account...
A week in security (October 7 – October 13)
Last week on Malwarebytes Labs: Modern TVs have "unprecedented capabilities for surveillance and manipulation," group reveals; Internet Archive suffers data breach and DDoS; Google Search user interface: A/B testing shows security concerns remain; AI girlfriend site breached, user fantasies stolen...
Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
Vulnerability in the XWiki Admin Tools administrative tool of the XWiki Platform, a platform for creating collaborative web applications, that allows a perpetrator to execute arbitrary commands.
The vulnerability of the XWiki Admin Tools administrative tool, a component of the XWiki Platform for creating collaborative web applications, is related to insufficient verification of the authenticity of executed queries. Exploiting this vulnerability could allow a malicious actor, operating...
Vulnerability in the XWiki Admin Tools application of the XWiki Platform, a platform for creating collaborative web applications, that allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the XWiki Admin Tools application in the XWiki platform involves insufficient verification of the authenticity of executed queries. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality, integrity, and availability...
Piwigo < 14.1.0 XSS Vulnerability
Piwigo is prone to a cross-site scripting (XSS) vulnerability in the Admin Tools plug-in component. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-on...
CVE-2023-51790
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component...
CVE-2023-51790
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component...
Cross site scripting
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component...
CVE-2023-51790
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component...
CVE-2023-51790
CVE-2023-51790 affects piwigo v14.0.0, specifically the lang parameter of the Admin Tools plug-in, which is exposed to a cross-site scripting (XSS) vulnerability. The connected sources consistently describe an XSS that could allow a remote attacker to obtain sensitive information. The primary d...
CVE-2023-51790
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component...
PT-2024-14293 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: piwigo version 14.0.0 Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. Recommendations: For piwigo version 14.0.0, consider...
GHSA-4F4C-RHJV-4WGV Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries
Impact: A CSRF vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be used both to damage the wiki and to create an account with...
CVE-2023-48293
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...
Cross site request forgery (csrf)
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...
CVE-2023-48292
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...
Cross site request forgery (csrf)
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...
CVE-2023-48293
The CVE refers to XWiki Admin Tools Application (pre-4.5.1) where a CSRF flaw in the Query on XWiki tool allows executing arbitrary database queries. This can modify or delete wiki data and potentially create an attacker account with elevated privileges, impacting confidentiality, integrity, and ...
CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...