6674 matches found
Cross site scripting
Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users...
CVE-2024-28097 Stored Cross-site Scripting in Calendar functionality in Schoolbox
Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users...
CVE-2024-28096 Stored Cross-site Scripting in Class functionality in Schoolbox
Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users...
CVE-2024-28095 Stored Cross-site Scripting in News functionality in Schoolbox
News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users...
CVE-2024-28094 Blind SQL Injection in Chat functionality in Schoolbox
Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL injection, enabling authenticated attackers to read, modify, and delete database records...
CVE-2024-28094
CVE-2024-28094 affects the Schoolbox application’s chat functionality prior to version 23.1.3. The issue is a blind SQL Injection that authenticated attackers can exploit to read, modify, and delete database records. Multiple sources confirm the vulnerability in Schoolbox before 23.1.3 and indica...
PT-2024-22263 · Schoolbox · Schoolbox
Name of the Vulnerable Software and Affected Versions: Schoolbox versions prior to 23.1.3 Description: The issue concerns stored cross-site scripting in the Class functionality of the Schoolbox application. This allows an authenticated attacker to perform security actions in the context of affect...
PT-2024-22262 · Schoolbox · Schoolbox
Name of the Vulnerable Software and Affected Versions: Schoolbox versions prior to 23.1.3 Description: The issue concerns stored cross-site scripting in the news functionality, allowing an authenticated attacker to perform security actions in the context of affected users. Recommendations: For...
BIT-GITLAB-2020-26412
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2...
BIT-GITLAB-2022-3067
An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects'...
BIT-SUITECRM-2021-41596
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality...
BIT-TYPO3-2022-31046
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...
CVE-2023-45598
A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
Design/Logic Flaw
A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version...
CVE-2023-45598
Summary: CVE-2023-45598 affects AiLux imx6 bundle prior to version imx6_1.0.7-2, via a vulnerability in the web application’s “measure” functionality. The root cause is a CWE-425 Direct Request (Forced Browsing)/Missing Authorization, allowing a remote unauthenticated attacker to access confident...
CVE-2024-25164
A Path Traversal vulnerability exists in iDURAR v2.0.0 that allows unauthenticated attackers to expose sensitive files via the download functionality...
Path traversal
A Path Traversal vulnerability exists in iDURAR v2.0.0 that allows unauthenticated attackers to expose sensitive files via the download functionality...