265 matches found
GHSA-R3JC-VHF4-6V32 CKAN has Cross-site Scripting vector in the Datatables view plugin
The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Impact Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to...
CKAN has Cross-site Scripting vector in the Datatables view plugin
The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Impact Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to...
CVE-2024-41675
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin...
CVE-2024-41675 CKAN has a Cross-site Scripting vector in the Datatables view plugin
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin...
CVE-2024-41675 CKAN has a Cross-site Scripting vector in the Datatables view plugin
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin...
CVE-2024-41675
CKAN 2.7.0+ with the datatables_view plugin (a core CKAN component) is affected: the Datatables view failed to properly escape data from the DataStore, creating an XSS vector. The issue is fixed in CKAN 2.10.5 and 2.11.0. Affected sites should upgrade to one of these versions to remediate; the pl...
Archer Platform 安全漏洞
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6.8 2024.06 that stems from susceptibility to a stored cross-site scripting attack in which an attacker stores malicious code in a trusted...
Archer Platform 安全漏洞
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6 2024.06 that stems from susceptibility to a stored cross-site scripting attack in which an attacker stores malicious code in a trusted applicati...
Archer Platform 安全漏洞
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6 2024.06 that stems from susceptibility to a stored cross-site scripting attack in which an attacker stores malicious code in a trusted applicati...
CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions
GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...
CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions
GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...
CVE-2024-36404
GeoTools CVE-2024-36404: RCE in evaluating user-supplied XPath expressions affects prior releases; fixes are in 31.2, 30.4, and 29.6. Workarounds include running with reduced functionality by removing the gt-complex jar, which may break application schema queries. A drop-in replacement jar is ava...
Malicious code in dragonfly_cloudinary-datastore (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6876 Malicious code in dragonfly_cloudinary-datastore (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Veeam Kasten for Kubernetes Instant Recovery with Veeam Backup & Replication vPower NFS datastore
Purpose K10 Instant Recovery uses the Veeam Backup and Replication vPower NFS datastore to provide vSphere First Class Disks for storage. This feature enables "instant" recovery of workloads with Kubernetes. Solution The vPower NFS datastore is a fully functional datastore in the vSphere cluster...
CVE-2024-23640 GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a...
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)
Summary A stored cross-site scripting XSS vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's...
PT-2024-19991 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.3 and 2.24.0 Description: A stored cross-site scripting XSS issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend...
CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...
CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...