CVE-2020-29304
A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allowing attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim proceeds through...
Cross site scripting
A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allowing attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim proceeds through...
CVE-2020-35382
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user...
Sql injection
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user...
CVE-2020-35382
CVE-2020-35382 affects Classbooking prior to version 2.4.1. It enables SQL Injection through the username field when adding a new user via a CSV, with potential impact to confidentiality and integrity. Remediation: upgrade to 2.4.1 or later; if upgrading isn’t possible, apply mitigations to sanit...
[SECURITY] Fedora 32 Update: libxls-1.5.3-3.fc32
This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...
[SECURITY] Fedora 33 Update: libxls-1.6.1-2.fc33
This is libxls, a C library for reading Excel files in the old binary OLE format, plus a command-line tool for converting XLS to CSV named, appropriately enough, libxls2csv...
Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting
The plugin did not sanitise the column names when importing a malicious CSV file, allowing for HTML or JavaScript injection. Import a CSV file containing the following in the header: 'term" autofocus onfocus=alert'Complex\u0020XSS';alertdocument.cookie;//'"...
Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting
The plugin did not sanitise the column names when importing a malicious CSV file, allowing for HTML or JavaScript injection. PoC: Import a CSV file containing the following in the header: 'term" autofocus onfocus=alert'Complex\u0020XSS';alertdocument.cookie;//'"...
OpenAsset Digital Asset Management Insecure Direct Object Reference
Title: Missing access controls Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.22 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28861 Author: Jack Misiura from The Missing...
Regular Expression Denial Of Service (ReDoS)
fast-csv is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists through the usage of the ignoreEmpty option when parsing...
Security Advisory - CSV Injection Vulnerability in iManager NetEco Product
There is a CSV injection vulnerability in the iManager NetEco Product. An attacker with common privilege may exploit this vulnerability through some operations to inject content into the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV...
Huawei iManager NetEco 6000 Injection Vulnerability
Huawei Imanager Neteco 6000 is a platform from China's Huawei that provides a management approach for data center infrastructure. The platform can implement unified management for medium-sized and large data centers and multiple data centers, and improve resource utilization in data centers by...
CVE-2020-26256
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-csv before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using the ignoreEmpty option when parsing. This has been patched in v4.3.6. You will...
Code injection
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-csv before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using the ignoreEmpty option when parsing. This has been patched in v4.3.6. You will...
Regular Expression Denial of Service
Overview: fast-csv and @fast-csv/parse before version 4.3.6 have a possible ReDoS vulnerability (Regular Expression Denial of Service) when using the ignoreEmpty option when parsing. Impact: You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is...