OWM Weather < 5.6.12 - Post Duplication via CSRF
The plugin does not have a CSRF check when duplicating posts (which are duplicated as drafts), which could allow attackers to make a logged-in admin perform such an action via a CSRF attack and fill up the post table...
CVE-2023-22740
Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 beta tests-passed are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the...
CVE-2023-22740 Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts
Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 beta tests-passed are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the...
CVE-2023-22740
Discourse: A DoS vulnerability due to Allocation of Resources Without Limits via chat drafts. Affected: Discourse versions prior to 3.1.0.beta1 (beta); root cause: unlimited-length chat drafts leading to server load.
PT-2023-18681 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.0.beta1 Description: Discourse is an open source platform for community discussion. The issue concerns the allocation of resources without limits, allowing users to create chat drafts of an unlimited length. Th...
PT-2023-18680 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.1 Discourse version 3.1.0.beta2 and earlier Description: Discourse is an open source platform for community discussion. The issue is related to Allocation of Resources Without Limits or Throttling, where a...
CVE-2022-46148 Discourse allows self-XSS through malicious composer message
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the stable branch and versions 2.9.0.beta11 and prior on the beta and tests-passed branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS o...
PT-2022-27764 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions 2.8.10 and prior Discourse versions 2.9.0.beta11 and prior Description: Discourse is an open-source messaging platform. Users composing malicious messages and navigating to the drafts page could self-XSS. This issue can lea...
CVE-2022-37251
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting XSS via Drafts...
CVE-2022-37251
Craft CMS 4.2.0.1 is affected by a Cross Site Scripting (XSS) vulnerability via Drafts/entry drafts. Multiple sources (NVD/NVD-derived CVE, GitHub GHSA advisory, Veracode entry, OSV entries, CVE lists, and related national vulnerabilities) corroborate that Craft CMS versions up to 4.2.0.1 (and ea...
Publify security vulnerability
Publify is a simple but full-featured web publishing software. An access control error vulnerability exists in versions of Publify prior to 9.2.8. The vulnerability stems from an access control error in draft mode, which could be exploited by an attacker to comment on articles in draft mode...
CVE-2021-24733
The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally...
WordPress plugin access control error vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. An access control error vulnerability exists in versions prior to Wordpress Plugin WP Post Page Clone...
Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki
Description: Auditing the AJAX endpoints revealed that some endpoints which perform state changes do not have CSRF protection. Proof of Concept: POST /lib/exe/ajax.php?call=draftdel&id=start. Impact: This vulnerability is capable of tricking users into deleting their own drafts...