154 matches found
WordPress Mage Front End Forms plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Mage Front End Forms versions = 1.1.4...
WordPress Mage Front End Forms Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software Mage Front End Forms Type Plugin Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52339 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 411709dfd335 Credits SOPROBRO Required privilege...
Arbitrary File Leakage
Mage AI is vulnerable to Arbitrary File Leakage. The vulnerability is due to improper validation and handling of file paths in the "File Content" request, which allows unauthorized users to access files outside of their intended scope...
Path Traversal
Mage AI is vulnerable to Path Traversal. The vulnerability is due to improper handling of file paths in the "Pipeline Interaction" request, which allows an attacker to leak arbitrary files from the Mage server...
Path Traversal
Mage AI is vulnerable to Path Traversal. The vulnerability is due to improper input validation, allowing remote users with the "Viewer" role to leak arbitrary files from the Mage server through the "Git Content" request...
GHSA-V9WR-8WRM-H6P7 Mage AI Path Traversal vulnerability
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...
Mage AI Path Traversal vulnerability
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...
Mage AI Path Traversal vulnerability
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...
Mage AI Path Traversal vulnerability
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...
Mage AI incorrectly gives privileges to users with deleted accounts
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server...
GHSA-JG95-R9XH-XW9C Mage AI incorrectly gives privileges to users with deleted accounts
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server...
GHSA-4MRC-W7JH-HX4J Mage AI Path Traversal vulnerability
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...
GHSA-CGXV-795X-3VQR Mage AI Path Traversal vulnerability
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...
CVE-2024-45189
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...
CVE-2024-45190
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...
CVE-2024-45189
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...
CVE-2024-45190
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...
CVE-2024-45188
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...
CVE-2024-45188
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...
CVE-2024-45190 Mage AI pipeline interaction request remote arbitrary file leak
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...