Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-23780

Malware in sbrugna...

5.3CVSS5.3AI score0.02001EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/05/13 4:0 p.m.33 views

Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues bugchangestatuspage.php belonging to a project linking said custom field - viewing issues viewallbugpage.php when...

6.6CVSS6AI score0.00648EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/13 3:40 p.m.13 views

CVE-2024-34081 MantisBT Cross-site Scripting vulnerability

MantisBT Mantis Bug Tracker is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues bugchangestatuspage.php belonging to a project linking...

6.6CVSS6.7AI score0.00648EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/13 3:40 p.m.38 views

CVE-2024-34081 MantisBT Cross-site Scripting vulnerability

MantisBT Mantis Bug Tracker is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues bugchangestatuspage.php belonging to a project linking...

6.6CVSS6.6AI score0.00648EPSS
Exploits0References3
NVD
NVD
added 2021/11/01 9:15 a.m.31 views

CVE-2021-24813

The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00681EPSS
Exploits2References2
OSV
OSV
added 2021/11/01 9:15 a.m.3 views

CVE-2021-24813

The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00681EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/10/04 12:0 a.m.25 views

Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Add/Edit a Custom Field /wp-admin/admin.php?page=eme-formfields and put the following payload in the Field...

4.8CVSS1.6AI score0.00681EPSS
Exploits2References1Affected Software1
Hacker One
Hacker One
added 2021/07/27 12:5 p.m.19 views

U.S. Dept Of Defense: Sensitive data exposure via /secure/███████ endpoint on ████████

The sensitive data exposure vulnerability in the /secure/███████ endpoint on ████████ was identified. The vulnerability allowed unauthenticated attackers to view custom field names and custom SLA names. The vulnerability was caused by CVE-2020-14179...

5.3CVSS5.1AI score0.76042EPSS
Exploits1
OSV
OSV
added 2021/02/15 12:15 a.m.5 views

CVE-2020-36235

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view custom field and custom SLA names via an Information Disclosure vulnerability in the mobile site view. The affected versions are before version 8.13.2, and from version 8.14.0 before 8.14.1...

5.3CVSS5.9AI score0.02001EPSS
Exploits0References1
Hacker One
Hacker One
added 2020/12/27 1:46 p.m.94 views

U.S. Dept Of Defense: Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179

Summary: Information Disclosure vulnerability in outdated Jira. Description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the...

5CVSS2.1AI score0.76042EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/10/27 12:0 a.m.28 views

Atlassian Jira 8.6.x < 8.11.1 Sensitive Data Exposure

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.8 or 8.6.x 8.11.1. It is, therefore, affected by a sensitive data exposure vulnerability that allows remote, unauthenticated attackers to view custom field names and custo...

5.3CVSS6.7AI score0.76042EPSS
Exploits1References2
OSV
OSV
added 2020/09/21 1:15 a.m.3 views

CVE-2020-14179

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and...

5.3CVSS6.5AI score0.76042EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/09/20 12:0 a.m.8 views

PT-2020-6320 · Atlassian · Jira

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.5.8 Atlassian Jira Server and Data Center versions 8.6.0 through 8.11.0 Description: The issue is related to an information disclosure vulnerability in the...

5.3CVSS5.3AI score0.76042EPSS
Exploits1References17
Rows per page
Query Builder