EUVD-2024-1933

Malicious code in bioql PyPI...

CVE-2024-37160 Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata

Formwork is a flat file-based Content Management System CMS. An attackers requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...

CVE-2024-37160 Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata

Formwork is a flat file-based Content Management System CMS. An attackers requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...

Design/Logic Flaw

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...