Lucene search
+L

158 matches found

Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.3 views

PT-2024-17832 · Unknown · 1000 Projects Portfolio Management System Mca

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical issue has been found in the 1000 Projects Portfolio Management System MCA, affecting some unknown processing of the file /update edu details.php. The manipulati...

9.8CVSS8.1AI score0.00735EPSS
Exploits1References14
Packet Storm
Packet Storm
added 2024/06/24 12:0 a.m.389 views

Edu-Sharing Arbitrary File Upload

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Arbitrary File Upload product: edu-sharing metaVentis GmbH vulnerable versions: =8.0.8-RC2, =8.1.4-RC0, =9.0.0-RC19 CVE number: CVE-2024-28147 impact: high homepage:...

7.1AI score0.00831EPSS
Exploits1
NVD
NVD
added 2024/06/20 11:15 a.m.24 views

CVE-2024-28147

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image Stored Cross Site Scripting. It...

7.4CVSS0.00831EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/06/20 10:46 a.m.15 views

CVE-2024-28147 Unrestricted Upload of Files in edu-sharing

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image Stored Cross Site Scripting. It...

6.8AI score0.00831EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/06/20 10:46 a.m.39 views

CVE-2024-28147 Unrestricted Upload of Files in edu-sharing

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image Stored Cross Site Scripting. It...

0.00831EPSS
Exploits1References2
CVE
CVE
added 2024/06/20 10:46 a.m.62 views

CVE-2024-28147

Edu-sharing (pre-9.0.0-RC19) is affected by CVE-2024-28147: an authenticated user can upload arbitrary files via the collection preview image upload, enabling Stored XSS through HTML/JavaScript execution when users access the direct image URL and potential DoS via SVG with nested XML entities. Af...

7.4CVSS7.4AI score0.00831EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/06/20 12:0 a.m.7 views

edu-sharing Permission and Access Control Issues Vulnerability

edu-sharing is an open source e-learning integration solution from edu-sharing, Inc. A security vulnerability exists in edu-sharing that stems from allowing the upload of arbitrary files...

7.4CVSS7.1AI score0.00831EPSS
Exploits1References3
Openbugbounty
Openbugbounty
added 2024/01/24 10:58 p.m.8 views

med.uc.edu Cross Site Scripting vulnerability OBB-3842823

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/01/22 7:13 p.m.6 views

personal.colby.edu Cross Site Scripting vulnerability OBB-3840419

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/01/22 6:20 p.m.7 views

edu-tech.it Improper Access Control vulnerability OBB-3840270

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/01/17 7:45 p.m.4 views

edu-test.in Improper Access Control vulnerability OBB-3836937

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/12/24 2:11 a.m.14 views

chapel.duke.edu Improper Access Control vulnerability OBB-3820808

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/08/29 8:15 p.m.4 views

CVE-2021-3262

TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...

9.8CVSS7.4AI score0.01013EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/08/29 12:0 a.m.7 views

PT-2023-12172 · Tripspark · Tripspark Veo Transportation

Name of the Vulnerable Software and Affected Versions: TripSpark VEO Transportation versions 2.2.x NovusEDU versions 2.2.x Description: The issue allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL...

9.8CVSS9.4AI score0.01013EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/08/29 12:0 a.m.7 views

TripSpark VEO SQL注入漏洞

TripSpark VEO is a software solution from TripSpark, Inc. designed for the traffic and transportation sector to manage and optimize the operations of vehicles, equipment, and personnel. A security vulnerability exists in the TripSpark VEO Transportation NovusEDU-2.2.x-XPBB-20201123-184084 version...

9.8CVSS8.6AI score0.01013EPSS
Exploits1References4
Openbugbounty
Openbugbounty
added 2023/05/17 9:24 p.m.5 views

data.wgnhs.wisc.edu Cross Site Scripting vulnerability OBB-3349681

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/04/27 8:20 a.m.8 views

mahsa.edu.my Cross Site Scripting vulnerability OBB-3277041

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/03/18 8:2 p.m.12 views

libguides.lib.cuhk.edu.hk Cross Site Scripting vulnerability OBB-3226769

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/12/02 8:34 a.m.11 views

edu-pro.com.my Cross Site Scripting vulnerability OBB-3083242

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/09/11 6:43 p.m.10 views

edu-kmiac.ru Cross Site Scripting vulnerability OBB-2914079

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Rows per page
Query Builder