35 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via improper handling of user-supplied input in the Special:Drilldown process. An attacker can execute arbitrary SQL commands by injecting crafted input. Remediation Upgrade mediawiki/cargo to version 3.9.1 or higher...
CVE-2026-14363 Cargo Extension: SQLi in Special:Drilldown
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...
CVE-2026-14363
The CVE-2026-14363 issue affects the MediaWiki Cargo Extension for MediaWiki, where improper neutralization of special elements in SQL queries (notably in Special:Drilldown) enables SQL injection. Reported impacts include unauthorized access, modification, or deletion of data in the database. Aff...
EUVD-2022-3041
Malicious code in bioql PyPI...
EUVD-2024-20692
Malicious code in bioql PyPI...
CVE-2019-13068
public/app/features/panel/panelctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links via the Title or url field...
Malicious code in grafana-metricsdrilldown-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76f0bf52430819b26f7b4042daedcdd27b0b6dcc7278385dac6989be16b987de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-0269
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...
Sql injection
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...
CVE-2024-0269 SQL Injection
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...
CVE-2024-0269 SQL Injection
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271...
PT-2024-15429 · Zoho · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADAudit Plus versions 7270 and below Description: The issue is related to an Authenticated SQL injection in the File-Summary DrillDown feature. This has been fixed and released in version 7271. Recommendations: For versions 7270...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via drilldown/CargoAppliedFilter.php. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input into the artist, album, or position parameters on the...
GHSA-RHPM-63W5-79RG MediaWiki Cargo Extension Cross-site Scripting vulnerability
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php...
MediaWiki Cargo Extension Cross-site Scripting vulnerability
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php...
PT-2024-2677 · Mediawiki +2 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: An issue in the Cargo extension of MediaWiki allows for XSS attacks via the artist, album, and...
SUSE CVE-2019-13068
public/app/features/panel/panelctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links via the Title or url field...
Semantic Drilldown 安全漏洞
Semantic Drilldown is a MediaWiki extension to Wikimedia open source. A security vulnerability exists in Semantic Drilldown. Attackers use this vulnerability to execute cross-site scripting attacks...
CVE-2022-37438
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information for example, username, email, and real name about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user...
CVE-2022-37438 Information disclosure via the dashboard drilldown in Splunk Enterprise
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information for example, username, email, and real name about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user...