
16 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-46332

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.00826 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 3:19 a.m. · 3 views

CVE-2023-28369

Brother iPrint V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview...

3.3 CVSS · 6.5 AI score · 0.00213 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 11:58 p.m. · 3 views

CVE-2022-43288

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the orderby parameter at /rukovoditel/index.php?module=logs/view=php...

8.8 CVSS · 8.3 AI score · 0.00826 EPSS
Exploits 1 · References 1
NVD
added 2024/09/02 12:15 p.m. · 25 views

CVE-2024-38858

Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view...

6.1 CVSS · 0.00309 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/09/02 12:0 a.m. · 3 views

PT-2024-28239 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p14 Description: The issue is related to improper neutralization of input in Checkmk, allowing attackers to inject and run malicious scripts in the Robotmk logs view. This could potentially lead to arbitrary cod...

6.1 CVSS · 7.8 AI score · 0.00309 EPSS
Exploits 0 · References 12
OSV
added 2022/11/14 3:16 p.m. · 1 views

CVE-2022-43288

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the orderby parameter at /rukovoditel/index.php?module=logs/view&type=php...

8.8 CVSS · 5.8 AI score · 0.00826 EPSS
Exploits 1 · References 1
CNNVD
added 2022/11/14 12:0 a.m. · 1 views

Rukovoditel SQL Injection Vulnerability

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A security vulnerability exists in Rukovoditel v3.2.1; the vulnerability stems from the attacker can be...

8.8 CVSS · 8.1 AI score · 0.00826 EPSS
Exploits 1 · References 3
Cvelist
added 2022/11/14 12:0 a.m. · 13 views

CVE-2022-43288

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the orderby parameter at /rukovoditel/index.php?module=logs/view&type=php...

9.2 AI score · 0.00826 EPSS
Exploits 1 · References 1
Positive Technologies
added 2022/11/14 12:0 a.m. · 0 views

PT-2022-26830 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A SQL injection issue was found in Rukovoditel via the order by parameter at the "/rukovoditel/index.php?module=logs/view&type=php" endpoint. This allows for potential SQL injection attacks...

8.8 CVSS · 7.6 AI score · 0.00826 EPSS
Exploits 1 · References 4
CNVD
added 2022/06/28 12:0 a.m. · 18 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2022-54306)

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates from a lack of data validation filtering of user-supplied data and output in...

6.1 CVSS · 1.6 AI score · 0.00847 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2022/06/24 3:15 p.m. · 1 views

CVE-2022-30119

XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...

6.1 CVSS · 6.4 AI score · 0.00847 EPSS
Exploits 0 · References 4
OSV
added 2022/06/24 3:15 p.m. · 2 views

CVE-2022-30119

XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...

6.1 CVSS · 6.3 AI score
Exploits 0 · References 3
CNNVD
added 2022/06/24 12:0 a.m. · 3 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates from a lack of data validation filtering of user-supplied data and output in...

6.1 CVSS · 5.1 AI score · 0.00847 EPSS
Exploits 0 · References 4
OSV
added 2022/01/24 8:15 a.m. · 1 views

CVE-2021-25078

The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests...

6.1 CVSS · 6.4 AI score · 0.02288 EPSS
Exploits 2 · References 2
OSV
added 2019/02/04 7:29 p.m. · 2 views

UBUNTU-CVE-2019-7335

Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value...

6.1 CVSS · 7 AI score · 0.00873 EPSS
Exploits 1 · References 3
exploitpack
added 2009/12/30 12:0 a.m. · 20 views

Wing FTP Server 3.2.4 - Cross-Site Request Forgery

Wing FTP Server 3.2.4 - Cross-Site Request Forgery Application: WingFTP Server 3.2.4 maybe earlier versions too Link: http://www.wftpserver.com/ Vulnerability: CSRF Author: Ams Contact: mail: ax330d at gmail dot com site: http://www.0x416d73.name/ 1. About software "Wing FTP server is not only a...

0.5 AI score
Exploits 0