
500 matches found

OSV
added 2024/12/03 6:45 p.m. · 13 views

GHSA-5JC6-H9W7-JM3P Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Summary The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerabilit...

CVSS 6.2 · AI score 5.2 · EPSS 0.0193
Exploits 1 · References 4
NVD
added 2024/12/03 4:15 p.m. · 17 views

CVE-2024-53999

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

CVSS 8.1 · EPSS 0.0193
Exploits 1 · References 2
Vulnrichment
added 2024/12/03 3:39 p.m. · 6 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

CVSS 8.1 · AI score 6 · EPSS 0.0193
Exploits 1 · References 2
OSV
added 2024/10/24 10:15 a.m. · 0 views

UBUNTU-CVE-2024-8312

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

CVSS 8.7 · AI score 5.7 · EPSS 0.01664
Exploits 1 · References 4
OSV
added 2024/10/24 9:30 a.m. · 11 views

CVE-2024-8312 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

CVSS 8.7 · AI score 6.3 · EPSS 0.01664
Exploits 1 · References 5
Cvelist
added 2024/10/24 9:30 a.m. · 17 views

CVE-2024-8312 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

CVSS 8.7 · EPSS 0.01664
Exploits 1 · References 2
CNNVD
added 2024/10/24 12:00 a.m. · 1 view

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Cross-Site Scripting Vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition EE and GitLab...

CVSS 8.7 · AI score 5.4 · EPSS 0.01664
Exploits 1 · References 3
Positive Technologies
added 2024/10/23 12:00 a.m. · 2 views

PT-2024-9136 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 GitLab CE/EE versions 17.5 through 17.5.0 Description: An issue has been discovered in GitLab CE/EE that could allow an attacker to inject HTML into the Glob...

CVSS 8.7 · AI score 5.9 · EPSS 0.01664
Exploits 2 · References 19
Positive Technologies
added 2024/10/16 12:00 a.m. · 1 view

PT-2024-10157 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.3 through 17.4.6 GitLab EE versions 17.5 through 17.5.4 GitLab EE versions 17.6 through 17.6.2 Description: The issue is related to the Wiki History Diff feature in GitLab EE, which allows group users to view confidentia...

CVSS 3.1 · AI score 5.6 · EPSS 0.00264
Exploits 1 · References 16
FreeBSD
added 2024/10/09 12:00 a.m. · 23 views

Gitlab -- vulnerabilities

Gitlab reports: Run pipelines on arbitrary branches; An attacker can impersonate arbitrary user; SSRF in Analytics Dashboard; Viewing diffs of MR with conflicts can be slow; HTMLi in OAuth page; Deploy Keys can push changes to an archived repository; Guests can disclose project templates; GitLab instanc...

CVSS 9.6 · AI score 7.3 · EPSS 0.01391
Exploits 2 · References 1
Positive Technologies
added 2024/10/09 12:00 a.m. · 2 views

PT-2024-7438 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.6 through 17.2.9 GitLab CE/EE versions 17.3 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 Description: An issue was discovered in GitLab CE/EE where viewing diffs of MR with conflicts can be slow. This issu...

CVSS 7.8 · AI score 6.5 · EPSS 0.00143
Exploits 1 · References 18
OSV
added 2024/10/02 4:15 p.m. · 2 views

DRUPAL-CONTRIB-2024-042

This module adds a tab for sufficiently permissioned users. The tab shows all revisions like standard Drupal but it also allows pretty viewing of all added/changed/deleted words between revisions. The module doesn't sufficiently check revision access before rendering a diff report for 1 nodes or ...

CVSS 9.1 · AI score 6.7 · EPSS 0.00224
Exploits 0 · References 1
Patchstack
added 2024/10/02 12:00 a.m. · 1 view

Drupal Diff module < 1.8.0,2.0.0-2.0.0-beta2 - Authenticated Multiple Vulnerabilities

Authenticated Multiple Vulnerabilities discovered by Matthias Vogel in WordPress Module Diff versions 1.8.0,2.0.0-2.0.0-beta2...

AI score 7
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/10/02 12:00 a.m. · 3 views

PT-2025-2093 · Drupal · Diff

Name of the Vulnerable Software and Affected Versions: Diff versions 0.0.0 through 1.8.0 Description: The issue is related to an incorrect authorization vulnerability in the Diff module of the Drupal content management system. This vulnerability allows for functionality misuse. A remote attacker...

CVSS 9.4 · AI score 7.2 · EPSS 0.00224
Exploits 0 · References 4
OSV
added 2024/08/08 10:15 a.m. · 0 views

UBUNTU-CVE-2024-6329

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...

CVSS 7.5 · AI score 5.8 · EPSS 0.00063
Exploits 0 · References 4
CVE
added 2024/08/08 10:02 a.m. · 153 views

CVE-2024-6329

CVE-2024-6329 affects GitLab CE/EE, with GitLab versions 8.16–17.0.5, 17.1–17.1.3, and 17.2–17.2.1 vulnerable to a web UI diff rendering issue when the path is encoded. Root cause: improper encoding/escaping of output in the web interface, leading to incorrect diff rendering. Impact is described ...

CVSS 7.5 · AI score 5.3 · EPSS 0.00063
Exploits 0 · References 2 · Affected Software 1
Debian CVE
added 2024/08/08 10:02 a.m. · 16 views

CVE-2024-6329

Removed by vendor...

CVSS 7.5 · AI score 5.8 · EPSS 0.00063
Exploits 0
Positive Technologies
added 2024/08/07 12:00 a.m. · 1 view

PT-2024-5513 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.16 through 17.0.6 GitLab CE/EE versions 17.1 through 17.1.4 GitLab CE/EE versions 17.2 through 17.2.2 Description: The issue causes the web interface to fail to render the diff correctly when the path is encoded. This ...

CVSS 7.5 · AI score 6.8 · EPSS 0.00063
Exploits 0 · References 13
OSSF Malicious Packages
added 2024/06/25 1:28 p.m. · 3 views

Malicious code in DіffEngіոе (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
OpenVAS
added 2024/05/27 12:00 a.m. · 6 views

Fedora: Security Advisory for rust-difftastic (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 · References 2