
14 matches found

NVD
added 2026/05/26 5:16 p.m., 8 views

CVE-2026-47716

Bugsink is a self-hosted error tracking tool. In affected versions (prior to 2.2.0), the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...

CVSS 3.1, EPSS 0.00029
Exploits: 0, References: 2
SUSE CVE
added 2023/02/15 4:38 a.m., 2 views

SUSE CVE-2017-15569

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list...

CVSS 6.1, AI score 6.3, EPSS 0.00432
Exploits: 0, References: 3
OSV
added 2022/10/17 11:51 a.m., 8 views

SUSE-SU-2022:3601-1 Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-1504002421 fixes several issues. The following security issues were fixed:
- CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames bsc1203994.
- CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a...

CVSS 8.8, AI score 7.7, EPSS 0.00732
Exploits: 4, References: 11
CNNVD
added 2022/06/09 12:0 a.m., 1 views

Gogs cross-site scripting vulnerability

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A cross-site scripting vulnerability exists in Gogs versions prior to...

CVSS 5.4, AI score 6.1, EPSS 0.00263
Exploits: 0, References: 5
OSV
added 2022/06/08 10:24 p.m., 13 views

GHSA-XQ4V-VRP9-VCF2 Cross-site Scripting vulnerability in repository issue list in Gogs

Impact: DisplayName allows all the characters from users, which leads to an XSS vulnerability when directly displayed in the issue list.
Patches: DisplayName is sanitized before being displayed. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.
Workarounds: Check and update the existing users...

CVSS 5.4, AI score 5.4, EPSS 0.00263
Exploits: 0, References: 6
Cvelist
added 2022/06/08 5:40 p.m., 15 views

CVE-2022-31038 XSS vulnerability in repository issue list in Gogs

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...

CVSS 5.4, AI score 5.8, EPSS 0.00263
Exploits: 0, References: 3
Positive Technologies
added 2022/06/08 12:0 a.m., 1 views

PT-2022-20478 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.12.9
Description: The issue is related to an XSS vulnerability in the repository issue list of Gogs, an open source self-hosted Git service. In affected versions, the DisplayName does not filter characters input from...

CVSS 5.4, AI score 6.1, EPSS 0.00263
Exploits: 0, References: 11
UbuntuCve
added 2020/08/13 1:15 p.m., 39 views

CVE-2020-13283

For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title...

CVSS 7.3, AI score 6, EPSS 0.00131
Exploits: 0, References: 2
NVD
added 2019/10/31 4:15 p.m., 15 views

CVE-2019-18369

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible...

CVSS 5.3, AI score 6.4, EPSS 0.00003
Exploits: 0, References: 1
CNVD
added 2017/10/27 12:0 a.m., 2 views

Redmine cross-site scripting vulnerability (CNVD-2017-31957)

Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. A cross-site scripting vulnerability exists in the app/views/issues/list.html.erb file in Redmine...

CVSS 6.1, AI score 6, EPSS 0.00517
Exploits: 0, References: 1
OSV
added 2017/10/18 2:29 a.m., 1 views

DEBIAN-CVE-2017-15569

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list...

CVSS 6.1, AI score 6.2, EPSS 0.00432
Exploits: 0, References: 1
OSV
added 2017/10/18 2:29 a.m., 1 views

UBUNTU-CVE-2017-15569

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list...

CVSS 6.1, AI score 7.3, EPSS 0.00432
Exploits: 0, References: 5
Debian CVE
added 2017/10/18 2:0 a.m., 23 views

CVE-2017-15569

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list...

CVSS 6.1, AI score 6.2, EPSS 0.00432
Exploits: 0
Cvelist
added 2017/10/18 2:0 a.m., 16 views

CVE-2017-15569

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list...

AI score 6.8, EPSS 0.00432
Exploits: 0, References: 4