19 matches found
EUVD-2025-34902
ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal...
EUVD-2024-2406
Malicious code in bioql PyPI...
EUVD-2025-18272
Malicious code in bioql PyPI...
EUVD-2025-18273
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
ibexa/admin-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-generated content, allowing attackers with Editor or Administrator privileges to inject persistent XSS payloads that can later execute in the front office...
GHSA-VHGQ-R8GX-5FPV Ibexa Admin UI assets XSS vulnerabilities in back office
Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...
Ibexa Admin UI assets XSS vulnerabilities in back office
Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...
CVE-2024-39318
The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have t...
CVE-2024-53864
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
Cross-site Scripting (XSS)
ibexa/admin-ui is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper sanitization in the Content name pattern mechanism, which is used to build Content names from one or more fields. Exploitation requires Content edit permissions, allowing an attacker to inject malicio...
CVE-2024-53864
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
CVE-2024-53864 Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
CVE-2024-53864 Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
CVE-2024-39318
The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have t...
CVE-2024-39318
The CVE-2024-39318 entry maps to a concrete DOM-based XSS in the Ibexa Admin UI Bundle file-upload widget. The vulnerability stems from insufficient sanitization of filenames, allowing XSS payloads to be executed during upload when the attacker has upload-permission (typically authenticated edito...
CVE-2024-39318 Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have t...
CVE-2024-39318 Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have t...
PT-2024-28442 · Ibexa · Ibexa Admin Ui Bundle
Name of the Vulnerable Software and Affected Versions: Ibexa Admin UI Bundle affected versions not specified Description: The file upload widget in the Ibexa Admin UI Bundle is vulnerable to XSS payloads in filenames. Access permission to upload files is required, which is typically only granted ...
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Critical severity. It is possible to inject JavaScript XSS in the content type entries "name" and "short name". To exploit this, one must already have permission to edit content types, which limits it in many cases to people who are already administrators. However, please verify which users have...