Lucene search
K

128 matches found

NVD
NVD
added 2023/04/05 9:15 p.m.27 views

CVE-2023-1787

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description...

5.3CVSS4.5AI score0.00752EPSS
Exploits0References2
Prion
Prion
added 2023/04/05 9:15 p.m.19 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description...

5CVSS4.9AI score0.00752EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/04/05 9:15 p.m.6 views

UBUNTU-CVE-2023-1787

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description...

5.3CVSS5.7AI score0.00752EPSS
Exploits0References2
OSV
OSV
added 2023/04/05 12:0 a.m.22 views

CVE-2023-1787

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description...

4.3CVSS6.6AI score0.00752EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/04/05 12:0 a.m.28 views

CVE-2023-1787

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description...

4.3CVSS5.6AI score0.00752EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/05 12:0 a.m.11 views

CVE-2023-1787

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description...

4.3CVSS4.4AI score0.00752EPSS
Exploits0References2
CVE
CVE
added 2023/04/05 12:0 a.m.104 views

CVE-2023-1787

GitLab CVE-2023-1787 affects GitLab versions 15.9 before 15.9.4 and 15.10 before 15.10.1. The issue arises from a crafted HTML payload in an issue description that triggers a search timeout, a potential denial-of-service condition with availability impact. There are no exploit details in the prov...

5.3CVSS5.1AI score0.00752EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.3 views

PT-2023-17245 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 Description: An issue has been discovered in GitLab where a search timeout could be triggered if a specific HTML payload was used in the issue description...

5.3CVSS4.8AI score0.00752EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2023/04/05 12:0 a.m.20 views

CVE-2023-1787

Removed by vendor...

5.3CVSS6AI score0.00752EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/04/04 12:0 a.m.38 views

GitLab 15.9 < 15.9.4 / 15.10 < 15.10.1 (CVE-2023-1787)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML...

5.3CVSS5.6AI score0.00752EPSS
Exploits0References3
OSV
OSV
added 2022/12/02 8:15 p.m.5 views

CVE-2022-44950

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name...

5.4CVSS5.9AI score0.00937EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/12/02 12:0 a.m.8 views

CVE-2022-44951

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Nam...

5.3AI score0.00937EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/11/25 12:0 a.m.6 views

CVE-2022-45037

A cross-site scripting XSS vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field...

5.3AI score0.01024EPSS
Exploits1References1
Prion
Prion
added 2022/02/01 1:15 p.m.20 views

Type confusion

The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...

4.3CVSS6AI score0.0231EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/01 12:21 p.m.35 views

CVE-2021-24814 WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...

9.5AI score0.02085EPSS
Exploits2References1
Gitee
Gitee
added 2021/10/08 3:46 p.m.7 views

Exploit for Path Traversal in Microsoft

PoC exploit for CVE-2021-40444, a Microsoft Office Word RCE vulnerability. The target is Microsoft Office Word, with the vulnerability class being Remote Code Execution RCE. The probable entry point is the exploit.py script, which is not specified how it is typically invoked. The exploit chain...

8.8CVSS7.5AI score0.96843EPSS
Exploits38
NVD
NVD
added 2021/07/30 2:15 p.m.31 views

CVE-2020-20701

A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.8CVSS0.00579EPSS
Exploits1References1
Prion
Prion
added 2021/07/30 2:15 p.m.21 views

Cross site scripting

A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

3.5CVSS5AI score0.00579EPSS
Exploits1References1Affected Software1
Huntr
Huntr
added 2021/07/26 6:33 p.m.12 views

Cross-Site Request Forgery (CSRF) in changeweb/unifiedtransform

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/07/25 8:43 a.m.7 views

Cross-Site Request Forgery (CSRF) in pimcore/pimcore

✍️ Description Your application have not any CSRF protection and also You set the SameSite attribute to Lax, this means if you want to alter some data with GET HTTP requests, then your site should be vulnerable to CSRF attacks with no doubt. First you run this Html payload and then you should see...

0.3AI score
Exploits0
Rows per page
Query Builder