Lucene search
K

36 matches found

Vulnrichment
Vulnrichment
added 2024/12/18 12:0 a.m.12 views

CVE-2024-55088

GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery SSRF in the backend plugin module...

7.1AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/18 12:0 a.m.9 views

PT-2024-36475 · Unknown · Getsimple Cms

Name of the Vulnerable Software and Affected Versions: GetSimple CMS CE version 3.3.19 Description: The issue is related to Server-Side Request Forgery SSRF in the backend plugin module. This allows an attacker to forge requests from the server, potentially leading to unauthorized access or...

8.8CVSS7AI score0.00242EPSS
Exploits0References8
CVE
CVE
added 2024/12/18 12:0 a.m.63 views

CVE-2024-55088

CVE-2024-55088 affects GetSimple CMS CE 3.3.19 with a Server-Side Request Forgery (SSRF) in the backend plugin module . The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, and privileges required, and impact to confidentiality, integrity, and availability (all...

8.8CVSS7AI score0.00242EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/09/17 8:14 p.m.40 views

CVE-2024-45815 Prototype pollution in @backstage/plugin-catalog-backend

Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the 1.26.0 relea...

6.5CVSS0.00513EPSS
Exploits0References1
CVE
CVE
added 2024/09/17 8:14 p.m.118 views

CVE-2024-45815

CVE-2024-45815 – Prototype Pollution in @backstage/plugin-catalog-backend Affects Backstage (specifically the catalog-backend plugin). A malicious actor with authenticated access to a Backstage instance using the catalog backend can interrupt the service by sending a specially crafted query to th...

6.5CVSS6.3AI score0.00513EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.5 views

Backstage 安全漏洞

Backstage is a Backstage open source application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage version 1.25.0, which originates from an instance of Backstage with the Directory Backend plugin installed, where a malicious actor with...

6.5CVSS6.3AI score0.00513EPSS
Exploits0References2
OSV
OSV
added 2024/05/14 10:15 p.m.28 views

GHSA-XC3P-28HW-Q24G Grafana proxy Cross-site Scripting

Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5.15 -...

6.8CVSS6.9AI score0.02359EPSS
Exploits1References9
Prion
Prion
added 2023/01/19 7:15 p.m.15 views

Privilege escalation

PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability...

6.5CVSS8.7AI score0.00803EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/01/19 12:0 a.m.18 views

CVE-2022-47766

PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability...

8.8CVSS8.7AI score0.00803EPSS
Exploits1References3
Veracode
Veracode
added 2022/09/03 2:13 a.m.27 views

Information Disclosure

grafana is vulnerable to information disclosure.The vulnerability exits in grafana backend plugin which allows a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource...

8.3CVSS7.6AI score0.00903EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/06/17 1:11 a.m.6 views

@backstage-community/plugin-techdocs-backend-module-confluence (>=0.2.0 <=0.2.1), @backstage/plugin-search-backend-module-techdocs (>=0.0.0-nightly-20230323021924 <=0.4.15-next.0) +13 more potentially affected by unknown CVE via @backstage/plugin-techdocs-node (>=0.0.0-nightly-20220315022536 <=1.1.2-next.2)

@backstage/plugin-techdocs-node NPM version =0.0.0-nightly-20220315022536, =0.2.0, =0.0.0-nightly-20230323021924, =0.0.0-nightly-202111212297, =0.0.0-nightly-20220305022735, =1.0.0, =1.0.1, =1.6.0, =0.0.4, =1.9.1, =1.0.1, =1.0.1, =0.0.0-nightly-2022122206, =0.1.5, =0.1.2, =1.1.0 Source cves:...

5.7AI score
Exploits0
CNVD
CNVD
added 2021/11/30 12:0 a.m.25 views

backstage cross-site scripting vulnerability

backstage is an application. Backstage is an open platform for building developer portals Backstage is vulnerable to a cross-site scripting vulnerability that stems from the lack of filtering and escaping of URL parameters in the affected version of the auth-backend plugin. An attacker could use...

7.4CVSS3AI score0.00656EPSS
Exploits0References1
CVE
CVE
added 2021/11/26 6:15 p.m.59 views

CVE-2021-43776

CVE-2021-43776 is a Cross-Site Scripting vulnerability in the Backstage project, specifically within the auth-backend plugin. Affected versions allow an attacker to trick a user into visiting a vulnerable URL, enabling an XSS attack that could exfiltrate access tokens or other secrets from the us...

7.4CVSS6.1AI score0.00656EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/11/17 12:0 a.m.2 views

Command Execution Vulnerability in Extreme CMS Backend Plugin Installation

Extreme CMS is an open source and free CMS web content management system in PHP language. A command execution vulnerability exists in the backend plugin installation of Extreme CMS. Attackers can use this vulnerability to obtain server privileges...

7.4AI score
Exploits0
CNVD
CNVD
added 2015/12/13 12:0 a.m.4 views

LOCKON EC-CUBE BbAdminViewsControl Plugin SQL Injection Vulnerability

LOCKON EC-CUBE is a set of open source e-commerce website building platform. bbAdminViewsControl is one of the backend screen management plugin. LOCKON EC-CUBE BbAdminViewsControl suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting...

4.3CVSS8AI score0.0107EPSS
Exploits0References1
CVE
CVE
added 2014/08/12 8:0 p.m.36 views

CVE-2014-5196

The CVE-2014-5196 entry details a CSRF vulnerability in the WordPress plugin Improved User Search in Backend (backend) prior to version 1.2.5. The flaw resides in the iusib_meta_fields parameter, enabling remote attackers to hijack administrator authentication by injecting XSS sequences. Affected...

4.3CVSS6.6AI score0.02125EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder