330 matches found
CVE-2026-9136
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...
MINI-RFP7-FH6H-C3XJ
Bulletin has no description...
CVE-2019-25739
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the createproposal endpoint that execute when administrators or other...
CVE-2019-25739
GigToDo 1.3 is affected by a persistent cross-site scripting vulnerability accessible through the create_proposal endpoint, enabling authenticated attackers to inject JavaScript/HTML in the proposal description. When stored proposals are viewed by admins or other users, the payload can execute, p...
EUVD-2019-20175
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the createproposal endpoint that execute when administrators or other...
CVE-2019-25739
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the createproposal endpoint that execute when administrators or other...
CVE-2019-25739 GigToDo Freelance Marketplace Script 1.3 Persistent XSS
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the createproposal endpoint that execute when administrators or other...
PT-2026-46209
Name of the Vulnerable Software and Affected Versions GigToDo version 1.3 Description A persistent cross-site scripting issue allows authenticated attackers to inject malicious HTML and JavaScript code. This occurs via the proposal description field through the 'create proposal' endpoint. The...
GigToDo 跨站脚本漏洞
GigToDo is a freelance service trading platform system developed by GigToDo Inc. Version 1.3 of GigToDo has a cross-site scripting vulnerability. This vulnerability stems from injecting malicious JavaScript and HTML code through the proposal description field, potentially allowing authenticated...
CVE-2026-9136
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...
CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...
PT-2026-42247
Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.38 Description An issue exists in the ShadowAttribute proposal creation workflow where the add action accepts user-controlled request data without removing the id field before saving the record. Since the underlying...
CVE-2026-32605
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...
Decidim amendments can be accepted or rejected by anyone
Impact The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...
CVE-2026-32605
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...
CVE-2026-32605 Nimiq: Remote crash via off-by-one signer bounds check in proposal buffer
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...
CVE-2026-32605
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...
CVE-2026-32605
The CVE concerns the Rust implementation of Nimiq PoS (nimiq/core-rs-albatross). Before version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal where signer == validators.num_validators(); the code uses ProposalSender::send with a > bound check inste...
CVE-2026-32605 Nimiq: Remote crash via off-by-one signer bounds check in proposal buffer
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...
core-rs-albatross 安全漏洞
core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.3.0 of core-rs-albatross contained a security vulnerability. This vulnerability stemmed from the use of the greater than symbol instead of the greater than or equal symbol in the send...