Lucene search
+L

12 matches found

susecve
susecve
added 2026/03/05 6:55 a.m.4 views

SUSE CVE-2025-64641

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...

4.1CVSS5.8AI score0.00146EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/12/25 8:16 a.m.7 views

CVE-2025-64641

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...

4.1CVSS6.8AI score0.00146EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/24 8:2 a.m.2 views

CVE-2025-64641 Mattermost Jira plugin crafted action leaks Jira issue details

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...

4.1CVSS6.4AI score0.00146EPSS
Exploits0References1
osv
osv
added 2023/06/22 7:59 p.m.23 views

GHSA-MWXJ-G7FW-7HC8 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template

Impact Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alertdocument.domain This...

9.6CVSS8AI score0.02048EPSS
Exploits0References6
github
github
added 2022/01/28 10:25 p.m.45 views

Path traversal in Apache Karaf

Apache Karaf obr: commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr: commands are not very used and the entry is set by user. This has been fixed in revision:...

5.3CVSS3.1AI score0.0283EPSS
Exploits0References7Affected Software1
nvd
nvd
added 2022/01/26 11:15 a.m.48 views

CVE-2022-22932

Apache Karaf obr: commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr: commands are not very used and the entry is set by user. This has been fixed in revision:...

5.3CVSS0.0283EPSS
Exploits0References1
prion
prion
added 2022/01/26 11:15 a.m.17 views

Path traversal

Apache Karaf obr: commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr: commands are not very used and the entry is set by user. This has been fixed in revision:...

5CVSS5.5AI score0.0283EPSS
Exploits0References1Affected Software1
github
github
added 2020/09/04 5:28 p.m.20 views

Cross-Site Scripting in atlasboard-atlassian-package

All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers being able t...

3.6AI score
Exploits0References3Affected Software1
osv
osv
added 2020/09/04 5:28 p.m.11 views

GHSA-25V4-MCX4-HH35 Cross-Site Scripting in atlasboard-atlassian-package

All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers being able t...

6.8AI score
Exploits0References2
nodejs
nodejs
added 2020/01/10 7:44 p.m.20 views

Cross-Site Scripting

Overview All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers bei...

6.6AI score
Exploits0Affected Software1
github
github
added 2018/10/16 11:13 p.m.24 views

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

Description: The Validation Component of Apache Camel evaluates DTD headers of XML stream sources, although a validation against XML schemas XSD is executed. Remote attackers can use this feature to make Server-Side Request Forgery SSRF attacks by sending XML documents with remote DTDs URLs or XM...

7.4CVSS7.7AI score0.0489EPSS
Exploits0References11Affected Software1
github
github
added 2018/10/16 11:13 p.m.56 views

Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks

Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialisation vulnerability. Camel allows to specify such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various...

9.8CVSS9.5AI score0.10604EPSS
Exploits1References23Affected Software1
Rows per page
Query Builder