21 matches found

Snyk
added 2025/10/29 10:49 p.m., 3 views

Malicious Package

Overview: jira-ticket-todo-comment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
EUVD
added 2025/10/29 10:49 p.m., 5 views

EUVD-2025-36808

Malicious code in jira-ticket-todo-comment npm...

AI score 6.6
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/10/29 10:49 p.m., 4 views

Malicious code in jira-ticket-todo-comment (npm)

--- -= Per source details. Do not edit below this line. =- Source: ghsa-malware 37f93f4caecf2a8d9f056f2b72cb51b1905579bf89bf8c1e994e68028c24d2c4. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0, References: 2
OSV
added 2025/10/29 10:49 p.m., 2 views

MAL-2025-49015 Malicious code in jira-ticket-todo-comment (npm)

--- -= Per source details. Do not edit below this line. =- Source: ghsa-malware 37f93f4caecf2a8d9f056f2b72cb51b1905579bf89bf8c1e994e68028c24d2c4. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0, References: 2
RedHat Linux
added 2025/09/16 3:51 a.m., 12 views

Moderate: Red Hat Bug Fix Advisory: linux-firmware bug fix and enhancement update

An update for linux-firmware is now available for Red Hat Enterprise Linux 9. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Bug Fixes and Enhancements: Update linux-firmware to latest upstream rhel-9.6.z. JIRA: RHEL-108919...

CVSS 5.6, AI score 7.1, EPSS 0.00298
Exploits: 0
OSV
added 2024/09/18 2:26 p.m., 16 views

GHSA-PG4M-3GP6-HW4W org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users

Impact: It's possible to get access to the notification filters of any user by using a URL such as xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do...

CVSS 6.9, AI score 5.2, EPSS 0.0055
Exploits: 1, References: 8
OSV
added 2024/09/18 2:26 p.m., 14 views

GHSA-R95W-889Q-X2GX org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preference edits

Impact: It's possible for any user knowing the ID of a notification filter preference of another user to enable/disable it or even delete it. The impact is that the target user might start losing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1...

CVSS 7.1, AI score 6.3, EPSS 0.00519
Exploits: 1, References: 8
Github Security Blog
added 2023/06/22 8:00 p.m., 33 views

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page

Impact: Users are able to forge a URL with a payload allowing them to inject JavaScript into the page (XSS). It's possible to exploit the DeleteApplication page to perform an XSS, e.g. by using a URL such as:...

CVSS 9.6, AI score 6.8, EPSS 0.02377
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2023/06/22 7:59 p.m., 35 views

GHSA-R8XC-XXH3-Q5X3 XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template

Impact: Users are able to forge a URL with a payload allowing them to inject JavaScript into the page (XSS). It's possible to exploit the resubmit template to perform an XSS, e.g. by using a URL such as:...

CVSS 9.6, AI score 7.7, EPSS 0.02268
Exploits: 0, References: 6
Github Security Blog
added 2023/06/22 7:59 p.m., 32 views

XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template

Impact: Users are able to forge a URL with a payload allowing them to inject JavaScript into the page (XSS). It's possible to exploit the resubmit template to perform an XSS, e.g. by using a URL such as:...

CVSS 9.6, AI score 6.8, EPSS 0.02268
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2023/06/22 7:59 p.m., 21 views

GHSA-X234-MG7Q-M8G8 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template

Impact: Users are able to forge a URL with a payload allowing them to inject JavaScript into the page (XSS). It's possible to exploit the deletespace template to perform an XSS, e.g. by using a URL such as: xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alertdocument.domain This vulnerability exists sin...

CVSS 9.6, AI score 7.7, EPSS 0.02182
Exploits: 0, References: 6
Github Security Blog
added 2023/06/22 7:59 p.m., 37 views

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template

Impact: Users are able to forge a URL with a payload allowing them to inject JavaScript into the page (XSS). It's possible to exploit the deletespace template to perform an XSS, e.g. by using a URL such as: xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alertdocument.domain This vulnerability exists sin...

CVSS 9.6, AI score 6.8, EPSS 0.02182
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2023/06/22 7:59 p.m., 24 views

GHSA-PHWM-87RG-27QQ XWiki Platform vulnerable to reflected cross-site scripting via delattachment action

Impact: It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. Patches: The vulnerabilit...

CVSS 8.4, AI score 6.3, EPSS 0.00633
Exploits: 0, References: 5
Github Security Blog
added 2023/06/22 7:59 p.m., 52 views

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template

Impact: Users are able to forge a URL with a payload allowing them to inject JavaScript into the page (XSS). It's possible to exploit the delete template to perform an XSS, e.g. by using a URL such as: xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alertdocument.domain Th...

CVSS 9.6, AI score 6.6, EPSS 0.02081
Exploits: 0, References: 9, Affected Software: 1
OSV
added 2023/06/20 5:42 p.m., 19 views

GHSA-Q9HG-9QJ2-MXF9 XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template

Impact: Users are able to forge a URL with a payload allowing them to inject JavaScript into the page (XSS). It's possible to exploit the previewactions template to perform an XSS, e.g. by using a URL such as:...

CVSS 9.6, AI score 7.7, EPSS 0.02377
Exploits: 0, References: 6
OSV
added 2023/05/15 8:52 p.m., 21 views

GHSA-6GVJ-8VC5-8V3J org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability

Impact: It's possible to exploit well-known parameters in XWiki URLs to perform a redirection to an untrusted site. This vulnerability was partially fixed in the past for XWiki 12.10.7 and 13.3RC1, but there is still the possibility to force specific URLs to skip some checks, e.g. using URLs like...

CVSS 4.7, AI score 5.3, EPSS 0.5507
Exploits: 0, References: 7
OSV
added 2023/04/20 10:01 p.m., 18 views

GHSA-M3C3-9QJ7-7XMX Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer

Impact: The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine (e.g. Tomcat running XWiki). The same vulnerability also allowed to...

CVSS 7.5, AI score 7.5, EPSS 0.0101
Exploits: 1, References: 6
Github Security Blog
added 2023/04/20 10:01 p.m., 35 views

Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer

Impact: The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine (e.g. Tomcat running XWiki). The same vulnerability also allowed to...

CVSS 7.5, AI score 6, EPSS 0.0101
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2023/04/12 8:40 p.m., 27 views

GHSA-VVP7-R422-RX83 Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

Impact: It's possible to list some users who are normally not viewable from a subwiki by requesting users on a subwiki which allows only global users with uorgsuggest.vm. This issue only concerns hidden users from the main wiki. Note that the disclosed information is the username and the first and last...

CVSS 3.7, AI score 4.5, EPSS 0.00693
Exploits: 1, References: 6
CVE
added 2022/01/26 11:10 a.m., 164 views

CVE-2022-22932

CVE-2022-22932 affects Apache Karaf via partial path traversal in obr:* commands and the karaf-maven-plugin run goal, which could allow breaking out of the designated folder. The issue is considered low risk in the public description, since obr:* usage is limited and the entry is user-controlled....

CVSS 5.3, AI score 5.5, EPSS 0.0283
Exploits: 0, References: 1, Affected Software: 1