PT-2024-21277 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions:
Apache Superset versions prior to 3.0.4
Apache Superset versions 3.1.0 through 3.1.0
Description: A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata,...
CVE-2019-14948
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure...
PT-2019-13885 · Woocommerce · Woocommerce Product Add-Ons
Name of the Vulnerable Software and Affected Versions:
woocommerce-product-addon plugin version prior to 18.4
Description: The issue allows for XSS via an import of a new meta data structure.
Recommendations: For versions prior to 18.4, update to version 18.4 or later to resolve the issue...
I Librarian I-librarian XXE vulnerability
I Librarian I-librarian is an application for editing PDF files. An XXE vulnerability exists in line 154 of the importmetadata.php file in I Librarian I-librarian 4.8 and earlier versions. An attacker can exploit this vulnerability to read the contents of a file and perform a server-side request...