3 matches found
GHSA-7X5C-VFHJ-9628 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
Impact This is a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected. Who is impacted: - Any deployment where the /api/content/aggregate/model endpoint is publicly accessible...
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2025-32951
CVE-2025-32951 affects io.jmix.rest:jmix-rest via the /files endpoint, enabling XSS when an attacker manipulates a file-path/name input so the Content-Type becomes text/html for names ending with .html. Impact is cross-site scripting in browsers when a malicious file is uploaded beforehand. Affec...