32 matches found
EUVD-2024-20692
Malicious code in bioql PyPI...
EUVD-2022-3041
Malicious code in bioql PyPI...
CVE-2019-13068
public/app/features/panel/panelctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links via the Title or url field...
Malicious code in grafana-metricsdrilldown-app (npm)
Source: ghsa-malware (76f0bf52430819b26f7b4042daedcdd27b0b6dcc7278385dac6989be16b987de). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-0269
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...
SQL injection
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...
CVE-2024-0269 SQL Injection
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...
PT-2024-15429 · Zoho · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADAudit Plus versions 7270 and below. Description: The issue is related to an Authenticated SQL injection in the File-Summary DrillDown feature. This has been fixed and released in version 7271. Recommendations: For versions 7270...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via drilldown/CargoAppliedFilter.php. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input into the artist, album, or position parameters on the...
GHSA-RHPM-63W5-79RG MediaWiki Cargo Extension Cross-site Scripting vulnerability
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php...
MediaWiki Cargo Extension Cross-site Scripting vulnerability
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php...
PT-2024-2677 · Mediawiki +2 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14; MediaWiki versions 1.36.x through 1.39.x before 1.39.6; MediaWiki versions 1.40.x before 1.40.2. Description: An issue in the Cargo extension of MediaWiki allows for XSS attacks via the artist, album, and...
SUSE CVE-2019-13068
public/app/features/panel/panelctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links via the Title or url field...
Semantic Drilldown security vulnerability
Semantic Drilldown is an open-source MediaWiki extension from Wikimedia. A security vulnerability exists in Semantic Drilldown. Attackers can use this vulnerability to carry out cross-site scripting attacks...
CVE-2022-37438
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user...
CVE-2022-37438 Information disclosure via the dashboard drilldown in Splunk Enterprise
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user...
Splunk security vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud). A...
PT-2022-23997 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise (affected versions not specified). Description: The issue allows an authenticated user to create a dashboard that could potentially leak information, such as username, email, and real name, about Splunk users when visited by...