23 matches found
PT-2026-25960
Name of the Vulnerable Software and Affected Versions GLPI Inventory Plugin versions prior to 1.6.6 Description The GLPI Inventory Plugin manages network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to version 1.6.6, unsanitized user input could lead to an...
EUVD-2023-47675
Malicious code in bioql PyPI...
EUVD-2022-15725
Malicious code in bioql PyPI...
CVE-2024-13382
The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-50349 Git does not sanitize URLs when asking for credentials interactively
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...
Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Store the script in non-sanitized...
Sermon'e – Sermons Online <= 1.0.0 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-43256
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...
CVE-2023-43256
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...
Path traversal
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...
CVE-2023-43256
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...
CVE-2023-43256
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...
CVE-2023-21412 Non-sanitized user input could lead to SQL injections in AXIS License Plate Verifier
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections...
CVE-2023-21411 Non-sanitized user input could lead to arbitrary code execution during Access Control configuration in AXIS License Plate Verifier
User provided input is not sanitized in the “Settings Access Control” configuration interface allowing for arbitrary code execution...
CVE-2023-21410 Non-sanitized user input could lead to arbitrary code execution in AXIS License Plate Verifier
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution...
SpEL Injection Attacks
spring-data-mongodb is vulnerable to Spring Expression Language SpEL injection. The vulnerability exists due to the non-sanitized input in the repository query method, allowing an attacker to inject and execute malicious SpEL to the repository query method when it is annotated with @Query or...
Drupal Core Remote Code Execution Vulnerability
In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...
WordPress GTranslate Plugin < 2.9.7 XSS Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
FortiWLC XSS injection via crafted HTTP POST request
The FortiWLC admin webUI is affected by XSS vulnerabilities, potentially exploitable by an authenticated user, via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. A successful attack would involve getting a targeted victim with an open session on the WebUI t...
CVE-2017-11594
Cross-site scripting XSS vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...