Lucene search

9 matches found

Snyk
added 2025/07/18 9:30 a.m., 2 views

Missing Authentication for Critical Function

Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the deduplicateCreatePost method. An attacker can access posts in private channels without proper...

CVSS 7.1 | AI score 6.9 | EPSS 0.00216
Exploits: 0 | References: 3
CNNVD
added 2025/07/18 12:0 a.m., 1 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.5.6 and prior 10.5.x, 10.8.1 and prior 10.8.x, 10.7.3 and prior 10.7.x, and 9.11.16 and prior 9.11.x. The vulnerability stems from a failure to...

CVSS 6.5 | AI score 6.2 | EPSS 0.00216
Exploits: 0 | References: 2
WPVulnDB
added 2023/10/13 12:0 a.m., 8 views

Gutenberg < 16.8.1 - Contributor+ Stored XSS

Description: The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. PoC: 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the...

AI score 6
Exploits: 0 | Affected Software: 1
wpexploit
added 2023/10/13 12:0 a.m., 227 views

Gutenberg < 16.8.1 - Contributor+ Stored XSS

Description: The plugin does not adequately escape the content of the footnotes within the paragraph block of the block editor, leading to a Contributor+ Cross-Site Scripting vulnerability. 1. Create a new post as a Contributor user. 2. Add a paragraph block and add a footnote to the paragraph. 3...

AI score 6.6
Exploits: 0
Vulnrichment
added 2023/01/05 7:58 p.m., 8 views

CVE-2023-22454 Discourse vulnerable to Cross-site Scripting through pending post titles descriptions

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...

CVSS 8 | AI score 7.6 | EPSS 0.00293
Exploits: 0 | References: 2
Cvelist
added 2023/01/05 7:58 p.m., 15 views

CVE-2023-22454 Discourse vulnerable to Cross-site Scripting through pending post titles descriptions

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...

CVSS 8 | AI score 7.6 | EPSS 0.00293
Exploits: 0 | References: 2
Positive Technologies
added 2023/01/05 12:0 a.m., 2 views

PT-2023-18510 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.14 on the stable branch; Discourse versions prior to 3.0.0.beta16 on the beta and tests-passed branches. Description: The issue concerns a cross-site scripting attack through pending post titles, which can be...

CVSS 8 | AI score 5.9 | EPSS 0.00293
Exploits: 0 | References: 9
CNNVD
added 2023/01/05 12:0 a.m., 2 views

Discourse Cross-Site Scripting Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email and chat room features. Discourse suffers from a cross-site scripting vulnerability that stems from its pending post titles allowing an attacker to implement cross-site scripting. When a category has...

CVSS 8 | AI score 5.4 | EPSS 0.00293
Exploits: 0 | References: 3
securityvulns
added 2015/06/08 12:0 a.m., 57 views

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]

Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin Stored XSS; Contact: https://twitter.com/panVagenas; Vendor Homepage: http://wpmembership.e-plugins.com/; Software Link: http://codecanyon.net/item/wp-membership/10066554; Version: 1.2.3; Tested on: WordPress 4.2.2; CVE: CVE-2015-4039...

AI score 5.2 | EPSS 0.00254
Exploits: 2