15 matches found
CVE-2026-34390
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...
GHSA-FRF7-JHP9-JXM6 MantisBT Vulnerable to Privilege Escalation from Manager to Administrator
Insufficient access control checks in ProjectUsersAddCommand used in manageprojuseradd.php and REST API endpoint PUT /project/id/users allows users having manageprojectthreshold access level manager by default to grant project-level administrator access to any user including themselves in any...
EUVD-2026-13730
DooTask v1.6.27 has a Cross-Site Scripting XSS vulnerability in the /manage/project/ page via the input field projectDesc...
CVE-2026-29828
DooTask v1.6.27 has a Cross-Site Scripting XSS vulnerability in the /manage/project/ page via the input field projectDesc...
PT-2026-26643
CVE-2026-29828 DooTask v1.6.27 has a Cross-Site Scripting XSS vulnerability in the /manage/project/id page via the input field projectDesc. https://t.co/IdJyEMWfTe...
CVE-2026-29828
DooTask v1.6.27 has a Cross-Site Scripting XSS vulnerability in the /manage/project/ page via the input field projectDesc...
CVE-2026-29828
CVE-2026-29828 affects DooTask v1.6.27 with a Cross-Site Scripting (XSS) vulnerability on the /manage/project/ page via the projectDesc input. The root cause and vulnerable component are described across multiple sources as an XSS in the manage/project interface; no explicit exploit details or re...
CVE-2026-29828
DooTask v1.6.27 has a Cross-Site Scripting XSS vulnerability in the /manage/project/ page via the input field projectDesc...
DooTask 安全漏洞
DooTask is a task management tool developed by Kuaifan’s individual developers. Version 1.6.27 of DooTask contains a security vulnerability. This vulnerability stems from improper handling of the projectDesc input field in the /manage/project/ page, which may lead to cross-site scripting attacks...
CVE-2026-29828
DooTask v1.6.27 has a Cross-Site Scripting XSS vulnerability in the /manage/project/ page via the input field projectDesc...
Privilege escalation in project role template binding (PRTB) and -promoted roles
Impact An issue was discovered in Rancher versions from 2.5.0 up to and including 2.5.16 and from 2.6.0 up to and including 2.6.9, where an authorization logic flaw allows privilege escalation via project role template binding PRTB and -promoted roles. This issue is not present in Rancher 2.7...
CVE-2014-2042
Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory ...
CVE-2014-2042
Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory ...
CVE-2014-2042
CVE-2014-2042 affects Livetecs Timelive; unrestricted file upload in the Manage Project functionality (Uploads/) enables remote code execution. Affected: Timelive up to version 6.2.71. Root cause: lack of file-type restrictions and permissive Read/Execute on uploaded files. Impact: potential arbi...
CVE-2014-2042
Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory ...