617 matches found
UBUNTU-CVE-2024-33999
The referrer URL used by MFA required additional sanitizing, rather than being used directly...
CVE-2024-34000 moodle: stored XSS in lesson overview report via user ID number
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk...
CVE-2024-34000 moodle: stored XSS in lesson overview report via user ID number
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk...
CVE-2024-34000 moodle: stored XSS in lesson overview report via user ID number
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk...
CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php
The referrer URL used by MFA required additional sanitizing, rather than being used directly...
CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php
The referrer URL used by MFA required additional sanitizing, rather than being used directly...
CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php
The referrer URL used by MFA required additional sanitizing, rather than being used directly...
CVE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor
Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation...
PT-2024-25627 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue arises from the unsafe direct use of the HTTP REFERER variable in the admin/tool/mfa/index.php file. Specifically, the referrer URL used by Multi-Factor Authentication MFA required...
CVE-2023-28952
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463...
CVE-2023-28952 IBM Cognos Controller log injection
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463...
CVE-2024-25047
IBM Cognos Analytics is affected by CVE-2024-25047: injection attacks in application logging due to unsanitized user-supplied data. Affected versions are 11.2.0–11.2.4 and 12.0.0–12.0.2. Root cause is improper sanitization in logging code, enabling potential follow-on attacks. IBM recommends upgr...
PT-2024-25628 · Alt Linux +1 · Alt Linux +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue concerns a stored XSS risk due to insufficient sanitizing of ID numbers displayed in the lesson overview report. Recommendations: At the moment, there is no information about a...
GHSA-X768-CVR2-345R Un-sanitized metric name or labels can be used to take over exported metrics
Impact In code which applies un-sanitized string values into metric names or labels, like this: swift let lang = try? request.query-getString.self, at: "lang" Counter label: "language", dimensions: "lang", lang ?? "unknown" an attacker could make use of this and send a ?lang query parameter...
CVE-2024-25136
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content...
CVE-2024-25136
CVE-2024-25136 affects AutomationDirect C-MORE EA9 HMI. The vulnerability is a path traversal flaw where a function allows a relative URL path to be sent without proper sanitization, enabling remote exploitation with low attack complexity. Public sources (ICS advisory ICSA-24-086-01) state vulner...
BIT-MOODLE-2020-25628
The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14...
BIT-MOODLE-2021-20279
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
BIT-MOODLE-2021-32478
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...
BIT-MOODLE-2021-36399
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk...