34 matches found
CVE-2021-47855
Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...
CVE-2021-47855
Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...
CVE-2021-47855 Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting
Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...
EUVD-2026-3632
Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...
Litespeed Technologie OpenLiteSpeed Cross-Site Script Vulnerability
Litespeed Technologie OpenLiteSpeed is an open-source web server developed by Litespeed Technologie. Version 1.7.9 of Litespeed Technologie OpenLiteSpeed contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting vulnerability in the dashboard’s Not...
PT-2026-3808
Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...
EUVD-2024-40121
Malicious code in bioql PyPI...
EUVD-2025-31773
Malicious code in bioql PyPI...
CVE-2025-56392
An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...
CVE-2025-56392
An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...
CVE-2025-56392
An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...
Collegetivity 安全漏洞
Collegetivity is a university student activity system by the individual developer Syauqizaidan Khairan Khalaf. A security vulnerability exists in Collegetivity version 1.0.0, which stems from the presence of an insecure direct object reference in the /dashboard/notes endpoint, which could allow a...
CVE-2025-56392
Summary: CVE-2025-56392 affects Syaqui Collegetivity v1.0.0 and is caused by an insecure direct object reference in the /dashboard/notes API endpoint. An attacker can impersonate other users and perform arbitrary operations by sending a crafted POST request. Affected software/component: Syaqui Co...
PT-2025-40024
Name of the Vulnerable Software and Affected Versions Syaqui Collegetivity version 1.0.0 Description An Insecure Direct Object Reference IDOR exists in the /dashboard/notes API endpoint. This allows attackers to impersonate other users and perform unauthorized actions by sending a specially craft...
CVE-2025-56392
An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...
CVE-2025-56392
An Insecure Direct Object Reference IDOR in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request...
CVE-2024-43226
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11...
CVE-2023-7239
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...
CVE-2023-7239
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...
CVE-2023-7239 wp-dashboard-notes < 1.0.11 - Contributor+ Arbitrary Private Notes Update via IDOR
The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the postid parameter in its wpdnupdatenote AJAX action. This allows users with a role of contributor and above to update notes created by other users...