23 matches found
CVE-2026-44960
A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...
CVE-2026-44960
Vulnerability summary (CVE-2026-44960) : A stored XSS exists in Revive Adserver where malicious content placed in the username could be executed when an admin views audit log details, due to missing output sanitisation. The issue is triggered by usernames being displayed in the audit log details ...
EUVD-2026-38503
A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...
Revive Adserver: Stored XSS via malicious usernames in audit log details + Username validation bypass in XML‑RPC addUser
Vulnerability description not provided...
EUVD-2017-15204
Malware in sbrugna...
WordPress plugin Ultimate WP Mail 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-29716 · WordPress · The Ultimate Wp Mail
Name of the Vulnerable Software and Affected Versions: The Ultimate WP Mail versions 1.0.17 through 1.3.6 Description: The plugin is susceptible to privilege escalation due to insufficient authorization within the get email log details AJAX handler. The handler retrieves email log post content,...
GHSA-RMCP-9FHQ-58PV Improper permissions handling in MediaWiki AbuseFilter
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter...
DEBIAN-CVE-2024-47913
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter...
UBUNTU-CVE-2024-47913
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from the fact that even though API...
Uninstallation of the Citrix License Server Fails with Error 1722
The uninstallation of the Citrix License Server fails and the following error message is displayed: “Product: Citrix Licensing -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or...
GHSA-52GM-QMG3-R4QP Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...
CVE-2024-32077 Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...
CVE-2024-32077 Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...
EPA failure (Access denied)
EPA failure with the following error seen in the logs: 2022-04-13 12:24:19.079 | Tid: 03344 | ERROR | downloadEpaLib | 296 | Failed to verify downloaded EPA library 2022-04-13 12:24:19.079 | Tid: 03344 | DEBUG | nsverifyfile: called 2022-04-13 12:24:19.080 | Tid: 03344 | ERROR | nsverifyTrustedCe...
Errors testing new connector to CHv 8 - "Connection Error: A failure occurred connecting to Citrix Hypervisor. Error = write EPROTO 140247625111360:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol"
When i try to configure a connector for this server on Citrix Hypervisor 8, if we check "Use Secured Communications", we get the error "Failed to connect to the server at ...". If we uncheck "Use Secured Communications" and "Ignore Certificate Errors", we can configure the connector. In the file...
NetIQ Identity Manager System or Configuration Enumeration Vulnerability
NetIQ Identity Manager is a comprehensive identity and access control solution. A system or configuration enumeration vulnerability exists in NetIQ Identity Manager versions prior to 4.7. An attacker could exploit this vulnerability for system or configuration enumeration using details provided i...
Design/Logic Flaw
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk...