14 matches found
EUVD-2022-6468
Malicious code in bioql PyPI...
EUVD-2022-7038
Malicious code in bioql PyPI...
CVE-2022-36037
kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...
CVE-2022-39322
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
PT-2024-40445 · Silverstripe · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: Silverstripe CMS affected versions not specified Description: A cross-site scripting issue has been found in the TreeDropdownField and TreeMultiSelectField. This can be exploited if a user with CMS access posts malicious or unescaped HTML int...
CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
GHSA-6MHR-52MV-6V6F Field-level access-control bypass for multiselect field
Impact @keystone-6/[email protected] || 2.3.0 users who are using the multiselect field, and provided field-level access control - are vulnerable to their field-level access control not being used. List-level access control is NOT affected. Field-level access control for fields other than multiselect ar...
PT-2022-24899 · Unknown · @Keystone-6/Core
Name of the Vulnerable Software and Affected Versions: @keystone-6/core versions 2.2.0 through 2.3.0 Description: The issue affects users of the multiselect field in @keystone-6/core who have configured field-level access control. The field-level access control is not being used, making the data...
CVE-2022-36037
kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...
Cross site scripting
kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...
CVE-2022-36037 Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby
kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...
CVE-2022-36037 Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby
kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...
Cross-site scripting from dynamic options in the multiselect field
Introduction Cross-site scripting XSS is a type of vulnerability that allows to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Such...
GHSA-3F89-869F-5W76 Cross-site scripting from dynamic options in the multiselect field
Introduction Cross-site scripting XSS is a type of vulnerability that allows to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Such...