22 matches found
ROS-20250624-07
A vulnerability in the Mercurial version control software tool is related to insufficient data cleansing, provided by the user. Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting XSS attacks. remotely to perform cross-site scripting XSS attac...
ROS-20250505-04
The vulnerability of the Zabbix universal monitoring system is related to insufficient cleansing of user data passed via the "groupBy" parameter in include/classes/api/CApiService.php. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries in the database...
ROS-20250505-05
The vulnerability of the Zabbix universal monitoring system is related to insufficient cleansing of user data passed via the "groupBy" parameter in include/classes/api/CApiService.php. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries in the database...
ROS-20250121-02
A vulnerability in the koji RPM-based build system is related to insufficient cleansing of data provided by the by the user. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting XSS attacks. Cross-site scripting XSS attacks...
ROS-20250109-03
Vulnerability of GLPI system of requests, incidents and inventory of computer equipment is related to Failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code Vulnerability of the GLPI system...
ROS-2-1990
2.1990 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1404
2.1404 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1540
2.1540 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
Rails 安全漏洞
Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. A security vulnerability exists in versions prior to Rails v6.1.7.3, which stems from insufficient cleansing of user-supplied data, that could allow a remote attacker to trick a victim...
ROS-20221013-02
The vulnerability in the Moodle course management system is related to the fact that the H5P attempted action report does not group permissions are not taken into account when displaying to non-editing teachers information about attempts/users in groups to which they should not have access. about...
LiteCart 跨站脚本漏洞
LiteCart is a suite of e-commerce platforms by the individual developer T. Almroth. LiteCart suffers from a cross-site scripting vulnerability that stems from an attempt to fully cleanse user-supplied data. A remote attacker could use this vulnerability to trick a victim into following a speciall...
ROS-20220125-14
Lxml library vulnerability is related to insufficient cleansing of user data in the cleanup program HTML in the lxml.html file. Exploitation of the vulnerability could allow an attacker acting remotely to cause a victim to click on a specially crafted link and execute arbitrary HTML code and scri...
ROS-2-982
2.982 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-545
2.545 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-498
2.498 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1948
2.1948 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1692
2.1692 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-581
2.581 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1875
2.1875 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-828
2.828 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...