6033 matches found
PT-2023-26272 · Otrs +2 · Otrs +3
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.44; OTRS versions 8.0.X through 8.0.34; OTRS Community Edition versions 6.0.1 through 6.0.34
Description: The issue is related to an Improper Input Validation vulnerability in the ContentType parameter for...
CVE-2023-3834 Bug Finder EX-RATE Ticket create cross site scripting
A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be...
CVE-2023-3832
A vulnerability was found in Bug Finder Wedding Wonders 1.0. It has been classified as problematic. Affected is an unknown function of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to launch the...
CVE-2023-3833
A vulnerability was found in Bug Finder Montage 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack...
CVE-2023-3831
A vulnerability was found in Bug Finder Finounce 1.0 and classified as problematic. This issue affects some unknown processing of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be initiated...
CVE-2023-3829
A vulnerability was found in Bug Finder ICOGenie 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/ticket/create of the component Support Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be...
CVE-2023-3827
A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads...
PT-2023-26372 · Unknown · Bug Finder Ex-Rate
Name of the Vulnerable Software and Affected Versions: Bug Finder EX-RATE version 1.0
Description: A vulnerability was found in the Ticket Handler component, affecting some unknown functionality of the file /user/ticket/create. The manipulation of the message argument leads to cross-site scriptin...
Bug Finder MineStack cross-site scripting vulnerability
Bug Finder MineStack is a digital mining platform from Bug Finder, Inc. A cross-site scripting vulnerability exists in Bug Finder MineStack version 1.0, which stems from some unknown processing in the file /user/ticket/create in the component Ticket Handler, leading to cross-site scripting via th...
Bug Finder Montage cross-site scripting vulnerability
Bug Finder Montage is a complete web platform for hotel/resort booking and property sales solutions from Bug Finder, Inc. A cross-site scripting vulnerability exists in Bug Finder Montage version 1.0, which stems from some unknown processing in the file /user/ticket/create in the component Ticket...
Bug Finder EX-RATE cross-site scripting vulnerability
Bug Finder EX-RATE is a currency exchange solution from Bug Finder, Inc. A cross-site scripting vulnerability exists in Bug Finder EX-RATE version 1.0, which stems from some unknown processing in the file /user/ticket/create in the component Ticket Handler, leading to cross-site scripting via the...
PT-2023-26357 · Unknown · Bug Finder Wedding Wonders
Name of the Vulnerable Software and Affected Versions: Bug Finder Wedding Wonders version 1.0
Description: A vulnerability was found in the Ticket Handler component, specifically in the /user/ticket/create file, where an unknown function is affected. The manipulation of the message argument leads...
Bug Finder ICOGenie cross-site scripting vulnerability
Bug Finder ICOGenie is a powerful and versatile script from Bug Finder, Inc. designed to easily launch and manage successful token products. A cross-site scripting vulnerability exists in Bug Finder ICOGenie version 1.0, which stems from the presence of unknown code in the file /user/ticket/creat...
PT-2023-26377 · Unknown · Bug Finder Minestack
Name of the Vulnerable Software and Affected Versions: Bug Finder MineStack version 1.0
Description: A problematic issue has been discovered, affecting the Ticket Handler component, specifically an unknown part of the file /user/ticket/create. The manipulation of the message argument leads to...
Bug Finder SASS BILLER cross-site scripting vulnerability
Bug Finder SASS BILLER is a SASS-based invoicing and billing platform from Bug Finder, Inc. A cross-site scripting vulnerability exists in Bug Finder SASS BILLER version 1.0, which stems from some unknown processing in the file /user/ticket/create in the component Ticket Handler, leading to...
PT-2023-26349 · Unknown · Bug Finder Icogenie
Name of the Vulnerable Software and Affected Versions: Bug Finder ICOGenie version 1.0
Description: A vulnerability was found in the Support Ticket Handler component, specifically affecting the /user/ticket/create file. The manipulation of the message argument leads to cross-site scripting. The...
PT-2023-26340 · Unknown · Bug Finder Listplace Directory Listing Platform
Name of the Vulnerable Software and Affected Versions: Bug Finder Listplace Directory Listing Platform version 3.0
Description: A vulnerability was found in the HTTP POST Request Handler component, specifically affecting some unknown functionality of the file /listplace/user/ticket/create. The...
PT-2023-26351 · Unknown · Bug Finder Finounce
Name of the Vulnerable Software and Affected Versions: Bug Finder Finounce version 1.0
Description: A vulnerability was found in the Ticket Handler component, affecting the processing of the file "/user/ticket/create". The manipulation of the message argument leads to cross-site scripting. The...
PT-2023-26189 · Unknown · Bug Finder Chaincity Real Estate Investment Platform
Name of the Vulnerable Software and Affected Versions: Bug Finder ChainCity Real Estate Investment Platform version 1.0
Description: A problematic vulnerability has been found in the New Ticket Handler component of the Bug Finder ChainCity Real Estate Investment Platform. The issue affects an...
GHSA-9436-3GMP-4F53 grav Server-side Template Injection (SSTI) mitigation bypass
Summary: The fix for SSTI using |map, |filter and |reduce twigs implemented in the commit 71bbed1 introduces a bypass of the denylist due to an incorrect return value from isDangerousFunction, which allows executing the payload by prepending double backslash \
Details: The isDangerousFunction check in...