23 matches found
EUVD-2025-204450
The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set editpages capability. The conditions are then executed as part of an eval...
Grav is vulnerable to Arbitrary File Read
Summary - A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. - This includes Grav user account files - /grav/user/accounts/.yaml. This file stores hashed user password, 2FA secret, and the password reset token. - This can allow an adversar...
EUVD-2020-30813
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860
CVE-2020-36860 affects Nagios XI: Core Config Manager (CCM) pre-3.0.7 / XI pre-5.7.4, with multiple XSS flaws in object edit pages due to insufficient input validation/escaping. Attackers could inject and execute scripts in a victim’s browser. Remediation provided by vendors: upgrade CCM to 3.0.7...
CVE-2020-36860 Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860 Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36859 Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...
CVE-2020-36859
CVE-2020-36859 – Nagios XI CCM SQL Injection Affected product: Nagios XI, Core Config Manager (CCM). Vulnerable in CCM < 3.0.7 and Nagios XI
CVE-2020-36859 Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...
PT-2025-44466
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.0.7 Nagios XI versions prior to 5.7.4 Description The Core Config Manager CCM in Nagios XI is susceptible to multiple cross-site scripting XSS issues present in the object edit pages. Insufficient validation o...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission validation in certain conditions, which allows an attacker to edit fields of pages and articles without the necessary permissions...
Linux Distros Unpatched Vulnerability : CVE-2025-3637
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through th...
CVE-2025-57759
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no...
Moodle's mod_data edit/delete pages pass CSRF token in GET parameter
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...
CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...
CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...
CVE-2025-3637
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...
Moodle 安全漏洞
Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the edit and delete pages of the moddata module...