14 matches found
BIT-KIBANA-2025-25009 Kibana Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload...
BIT-ELK-2025-25009 Kibana Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload...
CVE-2025-25009
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload...
CVE-2025-25009
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload...
CVE-2025-25009 Kibana Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload...
CVE-2025-25009
CVE-2025-25009 affects Kibana components where improper neutralization of input during web page generation enables stored XSS via case file uploads. The vulnerability is documented across multiple feeds (NVD, CVE lists, OSV, Nessus) with correlated advisories indicating Kibana versions in use; th...
CVE-2025-25009 Kibana Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload...
EUVD-2025-32867
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload...
Kibana 8.18.8, 8.19.5, 9.0.8, and 9.1.5 Security Update (ESA-2025-20)
Kibana Cross-Site Scripting XSS ESA-2025-20 Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload. Affected Versions: 7.x: All versions prior to and including 7.17.29 8.x: All versions from 8.0.0 up to and including 8.18.7 8.19.x: All...
PT-2025-40995
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An issue exists in Kibana where improper neutralization of input during web page generation can lead to Stored Cross-Site Scripting XSS through case file uploads. The issue allows for the...
CVE-2025-2626
A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This vulnerability affects unknown code of the file editcase.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has...
PT-2024-38508 · Sourcecodester · Sourcecodester Kortex Lite Advocate Office Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Kortex Lite Advocate Office Management System version 1.0 Description: A vulnerability was found in the SourceCodester Kortex Lite Advocate Office Management System, affecting an unknown part of the file register case.php. The...
CVE-2018-17418
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbiddentypes variable...
Cmseasy某处SQL盲注漏洞(绕过360防护)
简要描述: 注入..但是木回显 盲注了.. 详细说明: index.php 84行 stats::getbot; 由于初始化的时候也没对$SERVER做过滤的什么措施 导致的注入 stats.php 13行到78行 getbot 这个功能是看蜘蛛的记录 $SERVER 没过滤 我们只需要把HTTPUSERAGENT伪造成蜘蛛的就ok了 public static function getbot $ServerName = $SERVER"SERVERNAME"; $ServerPort = $SERVER"SERVERPORT"; $ScriptName =...