EUVD-2022-45058

Malicious code in bioql PyPI...

EUVD-2022-45057

Malicious code in bioql PyPI...

CVE-2022-41947

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...

CVE-2022-41947

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...

CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...

CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...

CVE-2022-41947

CVE-2022-41947 describes a cross-site scripting (XSS) vulnerability in DHIS 2 core where an authenticated user can upload a file containing embedded JavaScript, which could be triggered when another authenticated user opens the file in a browser. Affected versions are DHIS 2 prior to 2.36.12.1, 2...

CVE-2022-41948

CVE-2022-41948 describes a privilege-escalation in DHIS 2 core where a user with authority to manage users can self-assign superuser privileges by crafting an HTTP PUT request. The root cause is improper handling of user-management authority that allows self-elevation if the attacker is authentic...

CVE-2022-41949 Semi-blind Server-Side Request Forgery in dhis2-core

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources like third party servers. This could allow...

PT-2022-26176 · Dhis2 · Dhis2

Name of the Vulnerable Software and Affected Versions: DHIS 2 versions prior to 2.36.12.1 DHIS 2 versions prior to 2.37.8.1 DHIS 2 versions prior to 2.38.2.1 DHIS 2 versions prior to 2.39.0.1 Description: DHIS 2 is an open source information system for data capture, management, validation,...

CVE-2021-39179

CVE-2021-39179 concerns DHIS2 Tracker API SQL injection affecting authenticated users. Provided documents (NVD, Red Hat RH, OSV, CVE lists) describe a SQL injection in the Tracker component that can be triggered via POST paths /api/trackedEntityInstances and /api/trackedEntityInstances/query, imp...

Sql injection

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...