Lucene search
K

265 matches found

OSV
OSV
added 2024/08/21 6:26 p.m.16 views

GHSA-R3JC-VHF4-6V32 CKAN has Cross-site Scripting vector in the Datatables view plugin

The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Impact Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to...

6.8CVSS6AI score0.00377EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/08/21 6:26 p.m.15 views

CKAN has Cross-site Scripting vector in the Datatables view plugin

The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Impact Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to...

6.8CVSS6AI score0.00377EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/08/21 3:15 p.m.31 views

CVE-2024-41675

CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin...

6.8CVSS0.00377EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/21 2:34 p.m.39 views

CVE-2024-41675 CKAN has a Cross-site Scripting vector in the Datatables view plugin

CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin...

6.8CVSS0.00377EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/21 2:34 p.m.10 views

CVE-2024-41675 CKAN has a Cross-site Scripting vector in the Datatables view plugin

CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin...

6.8CVSS6AI score0.00377EPSS
Exploits0References3
CVE
CVE
added 2024/08/21 2:34 p.m.56 views

CVE-2024-41675

CKAN 2.7.0+ with the datatables_view plugin (a core CKAN component) is affected: the Datatables view failed to properly escape data from the DataStore, creating an XSS vector. The issue is fixed in CKAN 2.10.5 and 2.11.0. Affected sites should upgrade to one of these versions to remediate; the pl...

6.8CVSS6.4AI score0.00377EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/07/25 12:0 a.m.4 views

Archer Platform 安全漏洞

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6.8 2024.06 that stems from susceptibility to a stored cross-site scripting attack in which an attacker stores malicious code in a trusted...

7.1CVSS6AI score0.00294EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/25 12:0 a.m.4 views

Archer Platform 安全漏洞

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6 2024.06 that stems from susceptibility to a stored cross-site scripting attack in which an attacker stores malicious code in a trusted applicati...

5.4CVSS6AI score0.00288EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/25 12:0 a.m.7 views

Archer Platform 安全漏洞

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6 2024.06 that stems from susceptibility to a stored cross-site scripting attack in which an attacker stores malicious code in a trusted applicati...

7.3CVSS6AI score0.00327EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/02 1:39 p.m.48 views

CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8CVSS0.74908EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2024/07/02 1:39 p.m.30 views

CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

9.8CVSS7.5AI score0.74908EPSS
Exploits0References16
CVE
CVE
added 2024/07/02 1:39 p.m.110 views

CVE-2024-36404

GeoTools CVE-2024-36404: RCE in evaluating user-supplied XPath expressions affects prior releases; fixes are in 31.2, 30.4, and 29.6. Workarounds include running with reduced functionality by removing the gt-complex jar, which may break application schema queries. A drop-in replacement jar is ava...

9.8CVSS9.7AI score0.74908EPSS
Exploits0References16
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:50 p.m.5 views

Malicious code in dragonfly_cloudinary-datastore (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSV
OSV
added 2024/06/25 1:50 p.m.7 views

MAL-2024-6876 Malicious code in dragonfly_cloudinary-datastore (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
Veeam
Veeam
added 2024/06/17 12:0 a.m.18 views

Veeam Kasten for Kubernetes Instant Recovery with Veeam Backup & Replication vPower NFS datastore

Purpose K10 Instant Recovery uses the Veeam Backup and Replication vPower NFS datastore to provide vSphere First Class Disks for storage. This feature enables "instant" recovery of workloads with Kubernetes. Solution The vPower NFS datastore is a fully functional datastore in the vSphere cluster...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2024/03/20 3:26 p.m.37 views

CVE-2024-23640 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...

4.8CVSS5.2AI score0.00426EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/03/20 3:6 p.m.26 views

GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)

Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's...

4.8CVSS5.7AI score0.00426EPSS
Exploits0References7Affected Software2
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.6 views

PT-2024-19991 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.3 and 2.24.0 Description: A stored cross-site scripting XSS issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend...

4.8CVSS5.5AI score0.00426EPSS
Exploits0References11
Cvelist
Cvelist
added 2023/10/31 3:25 p.m.46 views

CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...

4.2CVSS6.7AI score0.00391EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/31 3:25 p.m.14 views

CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...

4.2CVSS6.8AI score0.00391EPSS
Exploits0References2
Rows per page
Query Builder