16 matches found
EUVD-2023-38525
Malicious code in bioql PyPI...
CVE-2023-34461
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...
CVE-2023-34249
benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software...
CVE-2023-34461
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...
Design/Logic Flaw
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...
CVE-2023-34461 Cross-site Scripting (XSS) Availability in PyBB
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...
CVE-2023-34461 Cross-site Scripting (XSS) Availability in PyBB
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...
CVE-2023-34461
PyBB XSS in 0.1.0: A manual review shows PyBB 0.1.0 allowed submission of arbitrary HTML (e.g., xss) that could execute client-side JS. The issue was patched in commit 5defd92; upgrade to 0.1.1 is advised. If upgrading isn’t possible, workarounds include removing post creation, removing the |saf...
CVE-2023-34461 Cross-site Scripting (XSS) Availability in PyBB
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...
PT-2023-24892 · Pybb · Pybb
Name of the Vulnerable Software and Affected Versions: PyBB versions 0.1.0
Description: A manual code review of the PyBB bulletin board server revealed a vulnerability that allows users to submit any type of HTML tag, which can be executed. For example, a malicious tag, such as xss, can be used t...
PyBB cross-site scripting vulnerability
PyBB is an open source bulletin board for individual developers in Ben, UK. PyBB version 0.1.0 suffers from a cross-site scripting vulnerability that allows an attacker to run malicious JavaScript code on the client side...
CVE-2023-34249 benjjvi/PyBB may send unsanitized request to SQL database
benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software...
CVE-2023-34249
The CVE-2023-34249 entry concerns the benjjvi/PyBB bulletin board, where versions prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2 were vulnerable to SQL Injection. The vulnerability is fixed in that commit, and a manual workaround is to sanitize queries in BulletinDatabaseModule.py. The ...
CVE-2023-34249 benjjvi/PyBB may send unsanitized request to SQL database
benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software...
PyBB SQL injection vulnerability
PyBB is an open source bulletin board for individual developers in Ben, UK. PyBB suffers from a SQL injection vulnerability. An attacker exploited the vulnerability to cause sensitive information to be disclosed...
PT-2023-24772 · Pybb · Pybb
Name of the Vulnerable Software and Affected Versions: benjjvi/PyBB versions prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2
Description: The issue is related to SQL Injection. benjjvi/PyBB is an open source bulletin board. To avoid the problem, a user may update the software manually by...