Lucene search
K

613 matches found

Github Security Blog
Github Security Blog
added 2024/05/23 7:50 p.m.20 views

silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted to through these form fields are not filtered out from the form session data...

6.1AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/23 7:50 p.m.24 views

GHSA-97JM-G33H-F46G silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted to through these form fields are not filtered out from the form session data...

6.1CVSS6.1AI score
Exploits0References4
NVD
NVD
added 2024/04/23 9:15 p.m.42 views

CVE-2024-32866

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

8.6CVSS8.5AI score0.00725EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/23 9:7 p.m.50 views

CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

8.6CVSS8.7AI score0.00725EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/23 9:7 p.m.8 views

CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

8.6CVSS6.6AI score0.00725EPSS
Exploits0References3
CVE
CVE
added 2024/04/23 9:7 p.m.80 views

CVE-2024-32866

CVE-2024-32866 concerns Conform, a type-safe form validation library. The issue enables prototype pollution through parsing of nested objects (object.property) in parseWith… functions due to an improper implementation in versions prior to 1.1.1. This affects server-side validation of form data or...

8.6CVSS6.5AI score0.00725EPSS
Exploits0References3
OSV
OSV
added 2024/04/23 9:7 p.m.30 views

CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

8.6CVSS8.2AI score0.00725EPSS
Exploits0References5
NVD
NVD
added 2024/03/13 9:15 p.m.23 views

CVE-2024-24105

SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php...

7.8CVSS8AI score0.00347EPSS
Exploits0References1
OSV
OSV
added 2024/03/13 9:15 p.m.5 views

CVE-2024-24105

SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php...

7.8CVSS6AI score0.00347EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.6 views

PT-2024-20273 · Unknown · Code-Projects Computer Science Time Table System

Name of the Vulnerable Software and Affected Versions: Code-projects Computer Science Time Table System version 1.0 Description: The issue allows attackers to run arbitrary code via the "adminFormvalidation.php" endpoint. This can be exploited by injecting malicious SQL code, potentially leading ...

7.8CVSS8.6AI score0.00347EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/01/24 6:31 p.m.37 views

CSRF vulnerability in Jenkins GitLab Branch Source Plugin

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL. GitLab Branch Source Plugin...

4.3CVSS4.4AI score0.00323EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/01/24 6:31 p.m.31 views

GHSA-8R93-59CF-358F CSRF vulnerability in Jenkins GitLab Branch Source Plugin

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL. GitLab Branch Source Plugin...

4.3CVSS4.7AI score0.00323EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.4 views

PT-2024-1421 · Jenkins +1 · Jenkins Gitlab Branch Source Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Branch Source Plugin versions 684.vea fa 7c1e2fe3 and earlier Description: The issue is related to a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL. Th...

5CVSS6.6AI score0.00323EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2023/12/13 6:31 p.m.27 views

Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

8.8CVSS6.6AI score0.00447EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/12/13 6:31 p.m.32 views

GHSA-PHJQ-7XQP-2526 Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

4.2CVSS8.7AI score0.00447EPSS
Exploits0References6
OSV
OSV
added 2023/12/13 6:31 p.m.25 views

GHSA-4G5F-W3MH-W99M Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

4.2CVSS4.9AI score0.00485EPSS
Exploits0References6
OSV
OSV
added 2023/09/06 1:15 p.m.6 views

CVE-2023-41944

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...

6.1CVSS5.8AI score0.00435EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/09/06 12:9 p.m.35 views

CVE-2023-41944

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...

6.1CVSS7.2AI score0.00435EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/23 6:15 a.m.6 views

CVE-2023-41100

An issue was discovered in the hcaptcha aka hCaptcha for EXT:form extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check...

5.3CVSS5.8AI score0.00515EPSS
Exploits0References2
OSV
OSV
added 2023/08/22 12:31 a.m.17 views

GHSA-223M-PGCQ-F3XG Jenkins Fortify Plugin HTML injection vulnerability

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method. This results in an HTML injection vulnerability. Fortify Plugin 22.2.39 removes HTML tags from the error message...

4.3CVSS5.5AI score0.00411EPSS
Exploits0References4
Rows per page
Query Builder