Lucene search
K

3 matches found

OSV
OSV
added 2026/05/14 8:56 p.m.8 views

GHSA-33P6-5JXP-P3X4 utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

Summary The substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix or powershell.exe -Command Windows, allowing an attacker to...

10CVSS6AI score0.00272EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/14 8:56 p.m.15 views

utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol

Summary The substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix or powershell.exe -Command Windows, allowing an attacker to...

8.3CVSS6AI score0.00272EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.6 views

CVE-2022-39301 sra-admin is vulnerable to storage cross-site scripting (XSS) via unrestricted file upload

sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting XSS vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in "Personal Center" ...

8.2CVSS7.8AI score0.00451EPSS
Exploits1References1
Rows per page
Query Builder