8 matches found
GitLab Enterprise Edition Security Vulnerability
GitLab Enterprise Edition (EE) is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions prior to 17.0 through 18.0.5, versions prior to 18.1 through 18.1.3, and versions prior to 18.2 through 18.2.1, which stems from the...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition (EE) and GitLab Community...
WordPress Internal Comments Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Internal Comments. Type: Plugin. Vulnerable versions: <= 1.2.4. Fixed in: N/A. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2023-33999. Patch priority: Medium. CVSS severity: Medium (7.1). PSID: 4ebc42631ae8. Credits: Rafie Muhammad Patchstack. Requir...
WordPress Internal Comments plugin <= 1.2.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Internal Comments plugin versions <= 1.2.2. Solution: Update the WordPress Internal Comments plugin to the latest available version (at least 1.2.3)...
WordPress Internal Comments plugin <= 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Internal Comments plugin versions <= 1.2.2. Solution: Update the WordPress Internal Comments plugin to the latest available version (at least 1.2.3)...
When the 'Any logged in user' permission is added to 'Browse Project' permission in a Service Desk project, customer will automatically receive notifications when mentioned in an internal comment.
Issue Summary: When the 'Any logged in user' permission is added to 'Browse Project' permission in a Service Desk project, customer will automatically receive notifications when mentioned in an internal comment. Steps to Reproduce: Test Case 1: Create a Service Desk project. Head to project...
HackerOne: User with Read-Only permissions can edit the Internal comment Activities on Bug Reports After Revoke the team access permissions
PoC: 1. Log in to Programtestbug as Alice account. 2. Create a new group with "Read-only" permission. Add Bob to that group. 3. Bob reports a bug to Programtestbug, after posting "Some Internal comments". 4. Now Alice revokes Bob's team access permissions, so Bob is no longer part of the team. 5. Bob...
HackerOne: Team Member(s) associated with a Group have Read-only permission (Post internal comments) can post comment to all the participants
Hello HackerOne, I found a bug: team members associated with a group that have only the permission "Post internal comments" can post comments to all the participants. Bypass it just by adding a comma ',' isinternal=,...