Lucene search

5 matches found

Github Security Blog
added 2025/11/27 12:30 p.m., 8 views

pretix has Email Content Injection Through Maliciously Formatted Names

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

CVSS 6.1, AI score 5.4, EPSS 0.00155
Exploits: 0, References: 6, Affected Software: 1
CNNVD
added 2024/03/20 12:00 a.m., 5 views

WordPress Plugin Simple Ajax Chat Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 7.1, AI score 6.6, EPSS 0.00452
Exploits: 2, References: 2
WPVulnDB
added 2024/02/28 12:00 a.m., 24 views

Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS

Description: The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. PoC: await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...

AI score 6.5, EPSS 0.00452
Exploits: 2, Affected Software: 1
Code423n4
added 2023/02/02 12:00 a.m., 24 views

SubprotocolRegistry is vulnerable to malicious names

Lines of code. Vulnerability details. Impact: A malicious subprotocol can register a name that looks the same as any other protocol. Users may use the malicious subprotocol because they can't distinguish the names, and be cheated out of subprotocolFee. Proof of Concept: Any subprotocol can be...

AI score 6.8
Exploits: 0
OSV
added 2022/05/17 3:23 p.m., 4 views

CLSA-2022-1652801011 Fix CVE(s): CVE-2022-1271

SECURITY UPDATE: arbitrary file overwrite or code execution with crafted file names - debian/patches/CVE-2022-1271.patch: fix escaping of malicious filenames in src/scripts/xzgrep.in. - CVE-2022-1271...

CVSS 8.8, AI score 7.3, EPSS 0.04271
Exploits: 0, References: 1