Lucene search
K

424 matches found

NVD
NVD
added 2024/07/22 6:15 a.m.18 views

CVE-2024-41709

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission...

6.1CVSS0.00315EPSS
Exploits0References1
OSV
OSV
added 2024/07/22 6:15 a.m.14 views

CVE-2024-41709

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission...

4.8CVSS6.7AI score
Exploits0References1
Veracode
Veracode
added 2024/05/23 6:56 a.m.9 views

Open Redirect

Drupal's path module is vulnerable to a Open Redirect. The vulnerability is due to improper URL handling which allows users with 'administer paths' permissions to create URLs that redirect to malicious sites...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/15 8:52 p.m.13 views

Drupal External URL injection through URL aliases leading to Open Redirect

The path module in Drupal allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url...

7AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.3 views

PT-2024-40158 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal affected versions not specified Description: The issue concerns the path module in Drupal, which allows users with the 'administer paths' permission to create pretty URLs for content. Under certain circumstances, a user can enter a...

6.7AI score
Exploits0References4
Cvelist
Cvelist
added 2024/04/04 7:51 a.m.32 views

CVE-2024-29008 Apache CloudStack: The extraconfig feature can be abused to load hypervisor resources on a VM instance

A problem has been identified in the CloudStack additional VM configuration extraconfig feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not...

6.8AI score0.00619EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/03 7:9 p.m.15 views

CVE-2024-3181 Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field.

Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS...

3.1CVSS3.5AI score0.00359EPSS
Exploits0References2
OSV
OSV
added 2024/03/14 3:15 a.m.5 views

CVE-2024-25652

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE with access to the Report functionality to gain unauthorized access to remote sessions created by legitimate users through...

8.4CVSS5.8AI score0.0059EPSS
Exploits0References4
Prion
Prion
added 2024/02/29 1:44 a.m.75 views

Directory traversal

XenForo before 2.2.14 allows Directory Traversal with write access by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import...

7.2AI score0.0102EPSS
Exploits0References3
OSV
OSV
added 2024/02/28 6:14 p.m.5 views

DRUPAL-CONTRIB-2024-011

The Coffee module helps you to navigate through the Drupal admin menus faster with a shortcut popup. The module doesn't sufficiently escape menu names when displaying them in the popup, thereby exposing a XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a...

4.8CVSS6.2AI score0.00214EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/11/29 3:30 p.m.31 views

Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...

8.8CVSS7AI score0.00447EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/20 6:30 p.m.31 views

Jenkins Build Failure Analyzer Plugin missing permission check

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

6.5CVSS6.6AI score0.00504EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/20 6:30 p.m.39 views

Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, th...

8.8CVSS6.6AI score0.00406EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/08/02 6:59 p.m.2 views

DRUPAL-CONTRIB-2023-033

This module enables you to add the Matomo web statistics tracking system to your website. The module does not check the Matomo JS code loaded on the website. So a user could configure the module to load JS from a malicious website. This vulnerability is mitigated by the fact that an attacker must...

6.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.26 views

Jenkins SAML Single Sign On(SSO) Plugin missing permission check

Jenkins SAML Single Sign OnSSO Plugin 2.3.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to download a string representation of the current security realm Java ObjecttoString, which potentially includes sensitive...

4.3CVSS6.5AI score0.00371EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/06/28 5:34 p.m.3 views

DRUPAL-CONTRIB-2023-029

This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker needs additional permissions. The...

6AI score
Exploits0References1
OSV
OSV
added 2023/06/28 5:3 p.m.6 views

DRUPAL-CONTRIB-2023-024

This module enables you to create dynamic layouts and add sample color palettes for color selection hints via its UI. The module doesn't sufficiently sanitize the module's settings in certain scenarios leading to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact th...

6.3AI score
Exploits0References1
OSV
OSV
added 2023/06/28 5:2 p.m.5 views

DRUPAL-CONTRIB-2023-023

This module enables you to define configurable GDPR alert messages. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker needs additional permissions. The vulnerability can be...

6AI score
Exploits0References1
OSV
OSV
added 2023/06/21 5:3 p.m.2 views

DRUPAL-CONTRIB-2023-021

CivicCookieControl is a module that can help make a website compliant with EU and UK cookie legislation. The Civic GovUK Cookie Control module does not sufficiently sanitize the configuration resulting in a Cross-Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that t...

5.9AI score
Exploits0References1
OSV
OSV
added 2023/06/14 2:52 p.m.4 views

DRUPAL-CONTRIB-2023-020

This module enables you to define a 'weekly office hours' field type, and add a field to any Content type, in order to display the weekly opening hours for a location. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting XSS vulnerability. This vulnerability...

6AI score
Exploits0References1
Rows per page
Query Builder