36 matches found
CVE-2024-55088
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery SSRF in the backend plugin module...
PT-2024-36475 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS CE version 3.3.19 Description: The issue is related to Server-Side Request Forgery SSRF in the backend plugin module. This allows an attacker to forge requests from the server, potentially leading to unauthorized access or...
CVE-2024-55088
CVE-2024-55088 affects GetSimple CMS CE 3.3.19 with a Server-Side Request Forgery (SSRF) in the backend plugin module . The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, and privileges required, and impact to confidentiality, integrity, and availability (all...
CVE-2024-45815 Prototype pollution in @backstage/plugin-catalog-backend
Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the 1.26.0 relea...
CVE-2024-45815
CVE-2024-45815 – Prototype Pollution in @backstage/plugin-catalog-backend Affects Backstage (specifically the catalog-backend plugin). A malicious actor with authenticated access to a Backstage instance using the catalog backend can interrupt the service by sending a specially crafted query to th...
Backstage 安全漏洞
Backstage is a Backstage open source application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage version 1.25.0, which originates from an instance of Backstage with the Directory Backend plugin installed, where a malicious actor with...
GHSA-XC3P-28HW-Q24G Grafana proxy Cross-site Scripting
Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5.15 -...
Privilege escalation
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability...
CVE-2022-47766
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability...
Information Disclosure
grafana is vulnerable to information disclosure.The vulnerability exits in grafana backend plugin which allows a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource...
@backstage-community/plugin-techdocs-backend-module-confluence (>=0.2.0 <=0.2.1), @backstage/plugin-search-backend-module-techdocs (>=0.0.0-nightly-20230323021924 <=0.4.15-next.0) +13 more potentially affected by unknown CVE via @backstage/plugin-techdocs-node (>=0.0.0-nightly-20220315022536 <=1.1.2-next.2)
@backstage/plugin-techdocs-node NPM version =0.0.0-nightly-20220315022536, =0.2.0, =0.0.0-nightly-20230323021924, =0.0.0-nightly-202111212297, =0.0.0-nightly-20220305022735, =1.0.0, =1.0.1, =1.6.0, =0.0.4, =1.9.1, =1.0.1, =1.0.1, =0.0.0-nightly-2022122206, =0.1.5, =0.1.2, =1.1.0 Source cves:...
backstage cross-site scripting vulnerability
backstage is an application. Backstage is an open platform for building developer portals Backstage is vulnerable to a cross-site scripting vulnerability that stems from the lack of filtering and escaping of URL parameters in the affected version of the auth-backend plugin. An attacker could use...
CVE-2021-43776
CVE-2021-43776 is a Cross-Site Scripting vulnerability in the Backstage project, specifically within the auth-backend plugin. Affected versions allow an attacker to trick a user into visiting a vulnerable URL, enabling an XSS attack that could exfiltrate access tokens or other secrets from the us...
Command Execution Vulnerability in Extreme CMS Backend Plugin Installation
Extreme CMS is an open source and free CMS web content management system in PHP language. A command execution vulnerability exists in the backend plugin installation of Extreme CMS. Attackers can use this vulnerability to obtain server privileges...
LOCKON EC-CUBE BbAdminViewsControl Plugin SQL Injection Vulnerability
LOCKON EC-CUBE is a set of open source e-commerce website building platform. bbAdminViewsControl is one of the backend screen management plugin. LOCKON EC-CUBE BbAdminViewsControl suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting...
CVE-2014-5196
The CVE-2014-5196 entry details a CSRF vulnerability in the WordPress plugin Improved User Search in Backend (backend) prior to version 1.2.5. The flaw resides in the iusib_meta_fields parameter, enabling remote attackers to hijack administrator authentication by injecting XSS sequences. Affected...