11 matches found
CVE-2024-48706
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively...
PT-2024-33186 · Unknown · Collabtive
Name of the Vulnerable Software and Affected Versions: Collabtive version 3.1. Description: The issue is related to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the managemessage.php file and managetask.php file respectively. This allows for potential...
Atlassian Jira Service Desk 4.8.1 < 4.12.0 Information Disclosure In API and Integrations
According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.8.x prior to 4.12.0. It is, therefore, affected by a flaw which may permit a remote attacker authenticated as a non-administrator user to view Project Request-Types a...
GHSA-GVC8-XJFP-6569 Silverstripe CMS XSS Vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.0 before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm...
Silverstripe CMS XSS Vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.0 before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm...
Information disclosure
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions...
berluti.com XSS vulnerability
Open Bug Bounty ID: OBB-658581

Description| Value
---|---
Affected Website:| berluti.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
CVE-2012-0976
The provided documents confirm CVE-2012-0976 affects SilverStripe 2.4.6, where an XSS vulnerability exists in admin/EditForm; remote authenticated users with Content Authors privileges can inject arbitrary script/HTML via the Title parameter. The description notes these details originate from thi...
Cross site scripting
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php...
Directory traversal
Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter. NOTE: PHP remote file inclusion attacks are also likely...
phpAddEdit 1.3 - editform Local File Inclusion
phpAddEdit 1.3 - editform Local File Inclusion phpaddedit-1.3 LFI Author: nuclear script: http://sourceforge.net/projects/phpaddedit/ vuln: http://target.com/addedit-render.php?editform=../../../../../../../etc/passwd%00 vulnerable code: if (!$formname && $_GET["editform"]) $formname = $_GET["editform"];...