414 matches found
CVE-2024-49224
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mahesh9696 Mitm Bug Tracker mitm-bug-tracker allows Reflected XSS. This issue affects Mitm Bug Tracker: from n/a through <= 1.0...
CVE-2024-49224
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Mahesh Patel Mitm Bug Tracker allows Reflected XSS. This issue affects Mitm Bug Tracker: from n/a through 1.0...
CVE-2024-49224
CVE-2024-49224 is a Reflected XSS in the WordPress plugin Mitm Bug Tracker (versions n/a through 1.0). The vulnerability stems from improper input neutralization during web page generation, enabling reflected script execution. Affected software: Mitm Bug Tracker (WordPress) before or at 1.0. Publ...
CVE-2024-49224 WordPress Mitm Bug Tracker plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mahesh9696 Mitm Bug Tracker mitm-bug-tracker allows Reflected XSS. This issue affects Mitm Bug Tracker: from n/a through <= 1.0...
PT-2024-33360 · Unknown · Mahesh Patel Mitm Bug Tracker
Name of the Vulnerable Software and Affected Versions: Mahesh Patel Mitm Bug Tracker versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: F...
WordPress plugin Mitm Bug Tracker cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Mitm Bug Tracker plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Mitm Bug Tracker versions <= 1.0...
WordPress Mitm Bug Tracker Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Mitm Bug Tracker Type Plugin Vulnerable versions <= 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49224 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7b5fcd32755d Credits Mika Required privilege...
CVE-2024-45792
Mantis Bug Tracker MantisBT is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4...
Mantis Bug Tracker information disclosure vulnerability
Mantis Bug Tracker MantisBT is a bug tracker from Mantis Bug Tracker open source. An information disclosure vulnerability exists in Mantis Bug Tracker version 2.26.3 and earlier versions. An attacker exploits this vulnerability to retrieve information about another user's personal system...
PT-2024-31773 · Unknown · Mantis Bug Tracker
Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker MantisBT versions prior to 2.26.4 Description: The issue allows an unprivileged, registered user to retrieve information about other users' personal system profiles using a crafted POST request. This can lead to the...
Oracle Linux 8 : bind / and / dhcp (ELSA-2024-3271)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3271 advisory. - Speed up parsing of DNS messages with many different names CVE-2023-4408 - Prevent increased CPU consumption in DNSSEC validator CVE-2023-50387...
CVE-2024-35846
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs 1 and the Red Hat...
CVE-2024-35846 mm: zswap: fix shrinker NULL crash with cgroup_disable=memory
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs 1 and the Red Hat...
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues bugchangestatuspage.php belonging to a project linking said custom field - viewing issues viewallbugpage.php when...
GHSA-WGX7-JP56-65MQ Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues bugchangestatuspage.php belonging to a project linking said custom field - viewing issues viewallbugpage.php when...
GHSA-93X3-M7PW-PPQM Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e. for 5 minutes after t...