CVE-2016-15009 OpenACS bug-tracker Search nav-bar.adp cross-site request forgery

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is...

CVE-2016-15009 OpenACS bug-tracker Search nav-bar.adp cross-site request forgery

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is...

CVE-2016-15009

The CVE-2016-15009 entry describes a Cross-Site Request Forgery in OpenACS bug-tracker, caused by an unknown function in lib/nav-bar.adp (component: Search). The issue allows remote exploitation and is mitigated by applying the patch named aee43e5714cd8b697355ec3bf83eefee176d3fc3. Connected sourc...

OpenACS bug-tracker 跨站请求伪造漏洞

bug-tracker is an OpenACS open source bug tracker. OpenACS bug-tracker suffers from a cross-site request forgery vulnerability that stems from a problem with an unknown function in the file lib/nav-bar.adp that can lead to cross-site request forgery...

PT-2023-10328 · Unknown · Openacs Bug-Tracker

Name of the Vulnerable Software and Affected Versions: OpenACS bug-tracker affected versions not specified Description: A problematic vulnerability has been found in OpenACS bug-tracker, affecting an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the filedownload.php process. An attacker can execute arbitrary JavaScript code by attaching and triggering malicious SVG documents. Details Cross-site scripting or...

CVE-2022-33910

An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, filedownload.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScri...

SUSE-SU-2022:2179-1 Security update for openssl

This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in crehash. bsc1200550...

MantisBT 跨站脚本漏洞

MantisBT is the Mantisbt team of a Web-based open source defect tracking system . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 2.25.5, which originated from a...

Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitatio...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the managecustomfieldeditpage.php. An attacker can inject malicious scripts into a hidden input field by manipulating the unescaped output of the return parameter...

Incorrect Authorization

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access-level checks in the bugactiongrouppage.php URL. An attacker can gain access to the Summary fields of private Issues by crafting a URL with...

Insecure Storage of Sensitive Information

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information via the manageprojeditpage.php parameter. An attacker can retrieve private project names without proper access rights by manipulating the projectid...

Incorrect Authorization

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Incorrect Authorization through the bugrevisionviewpage.php check. An attacker can gain access to potentially confidential information by manipulating the bugnoteid parameter. Remediation Upgra...

SQL Injection

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to SQL Injection via the mcprojectgetusers function. An attacker can manipulate SQL queries and access or alter database information without proper authorization by injecting malicious SQL command...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the pattern attribute in form inputs. An attacker can inject HTML or execute arbitrary JavaScript by crafting malicious input that exploits improper escaping of thi...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the viewallbugpage.php page. An attacker can inject and execute arbitrary HTML or JavaScript code in the browser of any user viewing the affected page by inserting...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the projdoceditpage.php Project Documentation feature. An attacker can execute arbitrary code after uploading an attachment with a crafted filename. The code is...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via crafted filenames in the myviewpage.php Timeline feature. An attacker can execute arbitrary code visible to any user viewing the My View Page by uploading an...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the weak Content Security Policy configuration when using the Gravatar plugin. An attacker can inject malicious scripts by exploiting the insufficient security...