16 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-11195

Malware in sbrugna...

4.8 CVSS | 5.1 AI score | 0.00235 EPSS
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-28079

Malicious code in bioql PyPI...

5.3 CVSS | 5.1 AI score | 0.00123 EPSS
Exploits 0 | References 1

NVD
added 2024/09/11 3:15 p.m. | 13 views

CVE-2024-4465

An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make...

6 CVSS | 0.00182 EPSS
Exploits 0 | References 1

CVE
added 2024/09/11 2:45 p.m. | 54 views

CVE-2024-4465

CVE-2024-4465 describes an access control vulnerability in the Reports section of Guardian/CMC prior to version 24.2.0. A logged-in user with reporting privileges can discover a method to create a specific application request and make limited changes to the reporting configuration, risking partia...

6 CVSS | 5.1 AI score | 0.00182 EPSS
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2024/09/11 2:45 p.m. | 18 views

CVE-2024-4465 Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0

An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make...

6 CVSS | 0.00182 EPSS
Exploits 0 | References 1

Veracode
added 2024/05/29 8:10 a.m. | 6 views

Improper Access Control

silverstripe/framework is vulnerable to Improper Access Control. The vulnerability is due to missing canView checks when the report is actually viewed, allowing any report to be accessed if the URL is known and the user can access the Reports section of the CMS...

7 AI score
Exploits 0

NVD
added 2023/08/09 10:15 a.m. | 13 views

CVE-2023-24015

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on...

5.3 CVSS | 4.7 AI score | 0.00123 EPSS
Exploits 0 | References 1

OSV
added 2023/08/09 10:15 a.m. | 0 views

CVE-2023-24015

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on...

4.3 CVSS | 5.7 AI score | 0.00123 EPSS
Exploits 0 | References 1

Prion
added 2023/08/09 10:15 a.m. | 11 views

Code injection

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on...

4 CVSS | 4.9 AI score | 0.00123 EPSS
Exploits 0 | References 1 | Affected Software 2

Vulnrichment
added 2023/08/09 9:5 a.m. | 9 views

CVE-2023-24015 Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on...

5.3 CVSS | 6.5 AI score | 0.00123 EPSS
Exploits 0 | References 1

CVE
added 2023/08/09 9:5 a.m. | 43 views

CVE-2023-24015

CVE-2023-24015 affects Nozomi Guardian and Nozomi CMC prior to v22.6.2. A partial Denial of Service arises when an authenticated user saves a report with the name set to null in the Reports section, causing subsequent loads to stall and the reports list to become partially unavailable. CVSS metri...

5.3 CVSS | 4.8 AI score | 0.00123 EPSS
Exploits 0 | References 1 | Affected Software 2

Prion
added 2018/12/19 7:29 p.m. | 8 views

Design/Logic Flaw

Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI...

3.5 CVSS | 4.8 AI score | 0.00235 EPSS
Exploits 1 | References 1 | Affected Software 1

OSV
added 2018/12/19 7:29 p.m. | 1 views

CVE-2018-19506

Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI...

4.8 CVSS | 5.8 AI score | 0.00235 EPSS
Exploits 1 | References 1

NVD
added 2018/12/19 7:29 p.m. | 9 views

CVE-2018-19506

Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI...

4.8 CVSS | 4.9 AI score | 0.00235 EPSS
Exploits 1 | References 1

CVE
added 2018/12/19 7:0 p.m. | 32 views

CVE-2018-19506

Zurmo 3.2.4 is identified as affected by an XSS vulnerability in the reports module. The issue arises when an admin uses the name parameter in the reports section (URI: app/index.php/reports/default/details?id=1), enabling script injection. The NVD entry for CVE-2018-19506 documents this XSS, wit...

4.8 CVSS | 4.8 AI score | 0.00235 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2018/12/19 7:0 p.m. | 12 views

CVE-2018-19506

Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI...

4.9 AI score | 0.00235 EPSS
Exploits 1 | References 1