Lucene search
K

154 matches found

Patchstack
Patchstack
added 2024/11/08 5:59 p.m.6 views

WordPress Mage Front End Forms plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Mage Front End Forms versions = 1.1.4...

6.5CVSS6.1AI score0.00231EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.14 views

WordPress Mage Front End Forms Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Mage Front End Forms Type Plugin Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52339 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 411709dfd335 Credits SOPROBRO Required privilege...

6.5CVSS6.9AI score0.00231EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2024/08/26 6:45 a.m.14 views

Arbitrary File Leakage

Mage AI is vulnerable to Arbitrary File Leakage. The vulnerability is due to improper validation and handling of file paths in the "File Content" request, which allows unauthorized users to access files outside of their intended scope...

6.5CVSS7AI score0.00881EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/08/26 6:45 a.m.13 views

Path Traversal

Mage AI is vulnerable to Path Traversal. The vulnerability is due to improper handling of file paths in the "Pipeline Interaction" request, which allows an attacker to leak arbitrary files from the Mage server...

6.5CVSS7AI score0.00859EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/08/26 6:4 a.m.15 views

Path Traversal

Mage AI is vulnerable to Path Traversal. The vulnerability is due to improper input validation, allowing remote users with the "Viewer" role to leak arbitrary files from the Mage server through the "Git Content" request...

6.5CVSS7.2AI score0.00881EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/08/23 9:30 p.m.8 views

GHSA-V9WR-8WRM-H6P7 Mage AI Path Traversal vulnerability

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...

7.1CVSS6.7AI score0.00881EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/08/23 9:30 p.m.25 views

Mage AI Path Traversal vulnerability

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...

6.5CVSS6.9AI score0.00859EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/23 9:30 p.m.23 views

Mage AI Path Traversal vulnerability

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...

6.5CVSS6.9AI score0.00881EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/23 9:30 p.m.25 views

Mage AI Path Traversal vulnerability

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...

6.5CVSS6.9AI score0.00881EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/23 9:30 p.m.31 views

Mage AI incorrectly gives privileges to users with deleted accounts

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server...

8.8CVSS7.7AI score0.00467EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/08/23 9:30 p.m.15 views

GHSA-JG95-R9XH-XW9C Mage AI incorrectly gives privileges to users with deleted accounts

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server...

7.3CVSS7.4AI score0.00467EPSS
Exploits0References3
OSV
OSV
added 2024/08/23 9:30 p.m.11 views

GHSA-4MRC-W7JH-HX4J Mage AI Path Traversal vulnerability

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...

7.1CVSS6.7AI score0.00859EPSS
Exploits1References3
OSV
OSV
added 2024/08/23 9:30 p.m.12 views

GHSA-CGXV-795X-3VQR Mage AI Path Traversal vulnerability

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...

7.1CVSS6.7AI score0.00881EPSS
Exploits1References3
OSV
OSV
added 2024/08/23 8:15 p.m.5 views

CVE-2024-45189

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...

6.5CVSS5.9AI score0.00881EPSS
Exploits1References1
OSV
OSV
added 2024/08/23 8:15 p.m.4 views

CVE-2024-45190

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...

6.5CVSS5.9AI score0.00859EPSS
Exploits1References1
NVD
NVD
added 2024/08/23 8:15 p.m.34 views

CVE-2024-45189

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...

6.5CVSS0.00881EPSS
Exploits1References1
NVD
NVD
added 2024/08/23 8:15 p.m.29 views

CVE-2024-45190

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...

6.5CVSS0.00859EPSS
Exploits1References1
NVD
NVD
added 2024/08/23 8:15 p.m.12 views

CVE-2024-45188

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...

6.5CVSS0.00881EPSS
Exploits1References1
OSV
OSV
added 2024/08/23 8:15 p.m.4 views

CVE-2024-45188

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...

6.5CVSS5.9AI score0.00881EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/23 7:16 p.m.19 views

CVE-2024-45190 Mage AI pipeline interaction request remote arbitrary file leak

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...

6.5CVSS0.00859EPSS
Exploits1References1
Rows per page
Query Builder