19 matches found
EUVD-2023-12374
Malicious code in bioql PyPI...
EUVD-2023-33764
Malicious code in bioql PyPI...
EUVD-2023-33765
Malicious code in bioql PyPI...
CVE-2023-2259
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2260
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-0300
Cross-site Scripting XSS - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301...
CVE-2023-2258
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2260 Authorization Bypass Through User-Controlled Key in alfio-event/alf.io
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2258 Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
PT-2023-18577 · Alf.Io · Alf.Io
Name of the Vulnerable Software and Affected Versions: alfio-event/alf.io versions prior to 2.0-M4-2304 Description: The issue concerns an improper authorization of an index containing sensitive information. This could potentially allow for an authorization bypass through a user-controlled key...
CVE-2023-2260
CVE-2023-2260 affects alfio-event/alf.io prior to 2.0-M4-2304. The related documents describe an authorization bypass through a user-controlled key that risks exposing an index containing sensitive information. Impact is described as high for confidentiality, integrity, and availability, with CVS...
CVE-2023-2258 Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2259 Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
PT-2023-18572 · Alf.Io · Alf.Io
Name of the Vulnerable Software and Affected Versions: alfio-event/alf.io versions prior to 2.0-M4-2304 Description: The issue is related to the improper neutralization of special elements used in a template engine. This problem affects the GitHub repository alfio-event/alf.io. Recommendations: F...
CVE-2023-0300
CVE-2023-0300 is a reflected XSS in alf.io (alfio-event/alf.io) prior to version 2.0-M4-2301. The root cause is improper handling/encoding of user-controlled input in the Groups component, enabling HTML/script injection in responses. Impact is limited to browsers where the input is reflected, wit...
CVE-2023-0300 Cross-site Scripting (XSS) - Reflected in alfio-event/alf.io
Cross-site Scripting XSS - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301...
CVE-2023-0301
CVE-2023-0301 describes a stored Cross-site Scripting (XSS) vulnerability in the Alf.io event/markdown feature, reported to affect Alf.io versions prior to 2.0-M4-2301. The issue arises from user-supplied content in the GitHub repository alfio-event/alf.io, allowing an attacker to inject scripts ...
CVE-2023-0300 Cross-site Scripting (XSS) - Reflected in alfio-event/alf.io
Cross-site Scripting XSS - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301...
CVE-2023-0301 Cross-site Scripting (XSS) - Stored in alfio-event/alf.io
Cross-site Scripting XSS - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301...