Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-26183

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00201EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/31 11:27 a.m.4 views

CVE-2025-40702

Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

5.4CVSS6AI score0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/29 11:16 a.m.1 views

CVE-2025-40702 Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH

Cross-Site Scripting XSS vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage ACDH-CH, due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

5.1CVSS5.5AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 2025/08/29 11:16 a.m.22 views

CVE-2025-40702

OpenAtlas v8.9.0 (ACDH-CH) is affected by a Cross‑Site Scripting (XSS) flaw caused by inadequate validation of user input in a POST to the /insert/file endpoint, specifically via the creator and license_holder parameters. Multiple sources (NVD, Red Hat, CVE lists, and OSV) confirm the vulnerabili...

5.4CVSS5.5AI score0.00201EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/29 12:0 a.m.4 views

PT-2025-35203

Name of the Vulnerable Software and Affected Versions: OpenAtlas version 8.9.0 Description: A Cross-Site Scripting XSS issue exists in OpenAtlas due to insufficient validation of user input received through POST requests. This could allow a remote user to send crafted queries to an authenticated...

5.4CVSS5.5AI score0.00201EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/02/21 6:4 p.m.23 views

XWiki extension license information is public, exposing instance id and license holder details

Impact The licensor application includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email o...

5.3CVSS6.5AI score0.00492EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/02/21 4:52 p.m.48 views

CVE-2024-26138 License information is public, exposing instance id and license holder details

The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...

5.3CVSS5.4AI score0.00492EPSS
Exploits0References3
Rows per page
Query Builder