53 matches found
CVE-2019-8822
creationtimestamp| type| source ---|---|--- 2024-01-31 08:01:48+00:00| seen| https://t.me/ctinow/176531 2024-01-31 09:41:57+00:00| seen| https://t.me/ctinow/176592 2024-01-31 10:36:48+00:00| seen| https://t.me/ctinow/176628 2024-01-31 16:42:00+00:00| seen| https://t.me/ctinow/176867 2024-01-31...
CVE-2024-22628
Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expensebudget/admin/?page=reports/budget&datestart=2023-12-28&dateend=...
CVE-2024-23174
An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...
CVE-2024-0201
creationtimestamp| type| source ---|---|--- 2024-01-03 11:26:12+00:00| seen| https://t.me/ctinow/162314 2024-01-04 01:35:29+00:00| seen| https://t.me/cibsecurity/74315 2024-01-23 14:56:39+00:00| seen| https://t.me/ctinow/172003...
CVE-2023-52180
creationtimestamp| type| source ---|---|--- 2023-12-31 12:26:29+00:00| seen| https://t.me/ctinow/161069 2024-01-01 01:31:44+00:00| seen| https://t.me/cibsecurity/74064 2024-01-22 10:11:23+00:00| seen| https://t.me/ctinow/171068...
CVE-2023-51094
creationtimestamp| type| source ---|---|--- 2023-12-26 19:27:11+00:00| seen| https://t.me/ctinow/159407 2023-12-30 08:16:27+00:00| seen| https://t.me/ctinow/160796 2024-01-19 13:11:54+00:00| seen| https://t.me/ctinow/170183...
PT-2023-18905 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore version 10.5.19 Description: A stored Cross-site Scripting XSS vulnerability exists in the Conditions tab of Pricing Rules, specifically in the From and To fields of the Date Range section. This allows an attacker to inject...
XSS in Conditions tab of Pricing Rules
Description While testing the pimcore application, I found that it is vulnerable to XSS vulnerability in Conditions tab of Pricing Rules, specifically at From and To fields of Date Range section. Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ then login. 2.On the left menu bar, go t...
Baremetrics date range picker vulnerable to Cross-site Scripting
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
GHSA-465F-MXXH-GRC4 Baremetrics date range picker vulnerable to Cross-site Scripting
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
CVE-2021-32859
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
CVE-2021-32859
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
Cross site scripting
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
PT-2023-12191 · Baremetrics · Baremetrics Date Range Picker
Name of the Vulnerable Software and Affected Versions: Baremetrics date range picker versions 1.0.14 and prior Description: The issue is related to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who can influence the placeholder field when creating a Calendar...
CVE-2021-32859
CVE-2021-32859 affects the Baremetrics date range picker (Calendar) up to version 1.0.14. The vulnerability arises from improper handling of untrusted placeholder values in Calendar.js, allowing an attacker to inject arbitrary HTML/JavaScript that renders in a user’s context (XSS). The connected ...
CVE-2021-32859 Baremetrics date range picker vulnerable to Cross-site Scripting
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
8x8 Bounty: connect.8x8.com: Too much resource consumption of the server due to incorrect date range control via /api/v1/reports?dateFrom=
The server of connect.8x8.com was vulnerable to excessive resource consumption due to incorrect date range control via the /api/v1/reports endpoint. Attackers could cause the server to crash by repeatedly increasing the date range, potentially leading to a DoS attack. The vulnerability has since...
CVE-2021-45046
creationtimestamp| type| source ---|---|--- 2021-12-10 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=700 2021-12-14 22:14:54+00:00| exploited| https://t.me/cibsecurity/33979 2021-12-15 05:50:40+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1081 2021-12-15...
CVE-2021-39411
Multiple Cross Site Scripting XSS vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the 1 searchdata parameter in a doctor/search.php and b admin/patient-search.php, and the 2 fromdate and 3 todate parameters in admin/betweendates-detailsreports.php...
CVE-2021-20252
A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...