47 matches found
CVE-2025-71259 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in externalfeed/RSS
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
CVE-2025-71259
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
BMC FootPrints Code Issue Vulnerability
BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the externalfeed/RSS API component, where blind server-side...
PT-2026-26062
Name of the Vulnerable Software and Affected Versions: BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 Description: BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery issue in the externalfeed/RSS API component. Authenticated attackers...
EUVD-2011-2745
Malware in sbrugna...
EUVD-2018-3159
Malware in sbrugna...
EUVD-2024-54913
Malicious code in bioql PyPI...
CVE-2024-45753
In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute...
Mahara < 23.04.9, 24.04.5 Multiple Vulnerabilities
Mahara is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if description...
Mahara Security Vulnerability
Mahara is a free open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions 23.04.8 and 24.04.4, which stems from an external RSS feed link attribute containing malicious values that could lead to a cross-site scripting attack...
PT-2025-34769 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04.8 and 24.04.4 Description: The external RSS feed block in Mahara can allow for cross-site scripting (XSS) if the external feed XML contains a malicious value for the link attribute. Recommendations: Update Mahara to a...
CVE-2022-49315
creationtimestamp | type | source
---|---|---
2025-08-19 18:29:29+00:00 | seen | MISP/1e8d1b5a-3537-4a30-907d-acb1720bbd18...
CVE-2011-2771
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed...
CVE-2024-7296
creationtimestamp | type | source
---|---|---
2025-03-13 08:55:50+00:00 | seen | https://t.me/cvedetector/20199
2025-08-13 13:26:34+00:00 | seen | MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868...
CVE-2023-36036
creationtimestamp | type | source
---|---|---
2023-11-14 21:10:02+00:00 | seen | MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
2023-11-14 22:02:58+00:00 | exploited | https://t.me/informationsecuritychannel/51004
2023-11-15 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1160...