
3531 matches found

RedhatCVE
added 2025/05/22 3:12 p.m., 9 views

CVE-2020-13868

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity...

6.5 CVSS, 7 AI score, 0.00428 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 12:21 p.m., 11 views

CVE-2012-3473

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions...

6.4 CVSS, 7.1 AI score, 0.02333 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 12:06 p.m., 3 views

CVE-2012-4007

The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card...

4.3 CVSS, 6.6 AI score, 0.01066 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 10:19 a.m., 8 views

CVE-2019-15734

An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these...

4.3 CVSS, 6.4 AI score, 0.00973 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 9:17 a.m., 5 views

CVE-2019-25011

NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments...

5.4 CVSS, 6 AI score, 0.00555 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 8:50 a.m., 6 views

CVE-2019-7587

Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function...

9.8 CVSS, 8.2 AI score, 0.01505 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 8:48 a.m., 8 views

CVE-2019-6995

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues...

6.5 CVSS, 6.5 AI score, 0.00825 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 8:20 a.m., 5 views

CVE-2019-17583

idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment= substring followed by a large positive integer...

7.5 CVSS, 7 AI score, 0.01259 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 8:16 a.m., 7 views

CVE-2019-16665

An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&do=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element...

6.1 CVSS, 5.8 AI score, 0.00749 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 8:09 a.m., 6 views

CVE-2019-11548

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint...

5.4 CVSS, 6.5 AI score, 0.00715 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 8:00 a.m., 10 views

CVE-2019-7944

A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Retur...

5.4 CVSS, 5.7 AI score, 0.00566 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 7:54 a.m., 8 views

CVE-2019-5472

An authorization issue was discovered in GitLab versions 12.1.2, 12.0.4, and 11.11.6 that prevented owners and maintainers from deleting epic comments...

7.5 CVSS, 6.7 AI score, 0.01932 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 7:02 a.m., 6 views

CVE-2018-16622

Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent...

5.4 CVSS, 5.9 AI score, 0.00788 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 5:41 a.m., 5 views

CVE-2014-10382

The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment...

4.3 CVSS, 6.9 AI score, 0.005 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 5:30 a.m., 8 views

CVE-2010-4357

SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter...

7.5 CVSS, 8.8 AI score, 0.0098 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 4:44 a.m., 12 views

CVE-2010-4516

Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3 CVSS, 6.1 AI score, 0.01042 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 4:37 a.m., 6 views

CVE-2019-15593

GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments...

6.5 CVSS, 6.5 AI score, 0.01522 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 4:01 a.m., 9 views

CVE-2013-7233

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list...

6.8 CVSS, 7.4 AI score, 0.0384 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 3:53 a.m., 7 views

CVE-2012-6102

lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI...

6.4 CVSS, 6.9 AI score, 0.01362 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 3:42 a.m., 7 views

CVE-2012-5872

ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause...

9.8 CVSS, 8.2 AI score, 0.00752 EPSS
Exploits 1, References 1