CVE-2020-19511
Cross Site Scripting vulnerability in Typesetter 5.1 via the className and Description fields in index.php/Admin/Classes,...
CVE-2020-19511
CVE-2020-19511 affects Typesetter 5.1. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the index.php/Admin/Classes interface, specifically through the className and Description fields. Descriptions across multiple connected sources confirm the editable fields in the admin U...
Typesetter Cross-Site Scripting Vulnerability
Typesetter is an open source CMS written in PHP with True WYSIWYG editing and flat file storage. Typesetter suffers from a cross-site scripting vulnerability. The vulnerability can be exploited to conduct cross-site scripting attacks via the className and Description fields in...
CVE-2018-14719
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code...
CVE-2021-33898
In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain contexts, this can result in remote code execution. The attacker's input must be hosted at...
Invoice Ninja Code Issue Vulnerability
Invoice Ninja is an open source invoicing application hosted on GitHub and built with Laravel and Flutter. Invoice Ninja has a security vulnerability before 4.4.0 that allows an attacker to deserialize arbitrary PHP classes...
ALEA-2021:1919 new module: python39:3.9
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This enhancement...
CVE-2021-24323
CVE-2021-24323 affects the WordPress WooCommerce plugin (vulnerable when taxes are enabled). The issue arises from the Additional tax classes field not being properly sanitised/escaped before output in the admin dashboard, enabling an authenticated admin to inject XSS payloads. The vulnerability ap...
GNU LibreDWG Buffer Error Vulnerability
LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in GNU LibreDWG version 0.10. An attacker can exploit this vulnerability via read_2004_section_classes ../../src/decode.c:2440 to cause a heap buffer overflow...
Snuffleupagus - Security Module For Php7 And Php8 - Killing Bugclasses And Virtual-Patching The Rest!
Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes. It also provides a powerful virtual-patching system, allowing...
Ruby: XMLRPC does not limit deserializable classes.
Vulnerability description not provided...
CVE-2021-31407
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9) and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows an attacker to access application classes and resources on the server via a crafted HTTP request...
CVE-2021-31407 Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9) and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows an attacker to access application classes and resources on the server via a crafted HTTP request...
CVE-2020-7857
A vulnerability in XPlatform could allow an unauthenticated attacker to execute arbitrary commands. This vulnerability exists due to insufficient validation of improper classes. This issue affects: Tobesoft XPlatform versions prior to 9.2.2.280...