CVE-2026-8438
The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanitization in the getrestroute function and missing output escaping in the columndefault method of the...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization in the dashboard log endpoints. An attacker can access sensitive operational log data by sending authenticated requests to the log endpoints without requiring elevated privileges. Remediation: Upgrade...
CVE-2016-15049
Nagios Log Server is affected by an XSS vulnerability in the Dashboards section, specifically when rendering log entries in the Logs table. Affected products are Nagios Log Server versions prior to 1.4.2; untrusted log content was not safely encoded for the output context, allowing attacker-contr...
Nagios Log Server Security Vulnerability
Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, USA. A security vulnerability exists in Nagios Log Server versions prior to 1.4.2, which stems from the Logs table in the Dashboards section not securely encoding the contents of the logs,...
SUSE CVE-2020-25678
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible...
Kitabisa Teler Cross-Site Scripting Vulnerability
Kitabisa Teler is a software from the Kitabisa team for implementing intrusion detection and threat alerts based on web logs. A cross-site scripting vulnerability exists in versions prior to Kitabisa Teler 2.0.0-rc.4, which stems from the fact that log data displayed on the dashboard is not clean...
CVE-2022-30119
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitization where built URLs are output can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates from a lack of data validation filtering of user-supplied data and output in...
OESA-2021-1100 ceph security update
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by...