13 matches found
CVE-2024-50810
hopetree izone lts c011b48 contains a Cross Site Scripting XSS vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView does not securely filter user input and renders it directly to the frontend page through templates...
CVE-2024-50811
hopetree izone lts c011b48 contains a server-side request forgery SSRF vulnerability in the active push function as \\apps\\tool\\apis\\bdpush.py does not securely filter user input through pushurls and geturls...
CVE-2024-50811
hopetree izone lts c011b48 contains a server-side request forgery SSRF vulnerability in the active push function as \apps\tool\apis\bdpush.py does not securely filter user input through pushurls and geturls...
CVE-2024-50811
hopetree izone lts c011b48 contains a server-side request forgery SSRF vulnerability in the active push function as \apps\tool\apis\bdpush.py does not securely filter user input through pushurls and geturls...
CVE-2024-50810
hopetree izone lts c011b48 contains a Cross Site Scripting XSS vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView does not securely filter user input and renders it directly to the frontend page through templates...
CVE-2024-50810
CVE-2024-50810 affects hopetree izone lts (version c011b48). The vulnerability is a Cross Site Scripting (XSS) in the article comment function, caused by AddCommintView() not properly filtering user input and rendering it directly via templates in apps/comment/views.py. This can allow attacker-co...
CVE-2024-50811
hopetree izone lts c011b48 contains a server-side request forgery SSRF vulnerability in the active push function as \apps\tool\apis\bdpush.py does not securely filter user input through pushurls and geturls...
PT-2024-34419 · Unknown · Hopetree Izone Lts
Name of the Vulnerable Software and Affected Versions: hopetree izone lts version c011b48 Description: The issue is related to a Cross Site Scripting XSS vulnerability in the article comment function. Specifically, the AddCommintView function in appscommentviews.py does not securely filter user...
CVE-2024-50811
The CVE-2024-50811 entry concerns hopetree izone lts, version c011b48, which contains a server-side request forgery (SSRF) in the active push function. The vulnerability is caused by inadequate input filtering in the internal functions push_urls() and get_urls() within apps/tool/apis/bd_push.py, ...
CVE-2024-50810
hopetree izone lts c011b48 contains a Cross Site Scripting XSS vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView does not securely filter user input and renders it directly to the frontend page through templates...
CVE-2024-50810
hopetree izone lts c011b48 contains a Cross Site Scripting XSS vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView does not securely filter user input and renders it directly to the frontend page through templates...
izone 安全漏洞
izone is a Django-based blogging project by the individual developer of Hopetree. A security vulnerability exists in izone, which stems from the pushurls and geturls functions in apps oolapisdpush.py containing a server-side request forgery...
CVE-2024-50811
hopetree izone lts c011b48 contains a server-side request forgery SSRF vulnerability in the active push function as \apps\tool\apis\bdpush.py does not securely filter user input through pushurls and geturls...