Lucene search
K

617 matches found

OSV
OSV
added 2024/05/31 8:15 p.m.29 views

UBUNTU-CVE-2024-33999

The referrer URL used by MFA required additional sanitizing, rather than being used directly...

9.8CVSS5.8AI score0.00541EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/31 8:1 p.m.18 views

CVE-2024-34000 moodle: stored XSS in lesson overview report via user ID number

ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk...

5.7AI score0.00494EPSS
Exploits0References1
OSV
OSV
added 2024/05/31 8:1 p.m.15 views

CVE-2024-34000 moodle: stored XSS in lesson overview report via user ID number

ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk...

4.3CVSS6AI score0.00494EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/31 8:1 p.m.28 views

CVE-2024-34000 moodle: stored XSS in lesson overview report via user ID number

ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk...

5.4AI score0.00494EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/31 7:53 p.m.20 views

CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php

The referrer URL used by MFA required additional sanitizing, rather than being used directly...

6.8AI score0.00541EPSS
Exploits0References1
OSV
OSV
added 2024/05/31 7:53 p.m.14 views

CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php

The referrer URL used by MFA required additional sanitizing, rather than being used directly...

9.8CVSS7.2AI score0.00541EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/31 7:53 p.m.51 views

CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php

The referrer URL used by MFA required additional sanitizing, rather than being used directly...

6.4AI score0.00541EPSS
Exploits0References1
OSV
OSV
added 2024/05/31 7:38 p.m.19 views

CVE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation...

6.1CVSS6.7AI score0.00374EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.15 views

PT-2024-25627 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue arises from the unsafe direct use of the HTTP REFERER variable in the admin/tool/mfa/index.php file. Specifically, the referrer URL used by Multi-Factor Authentication MFA required...

9.8CVSS5.6AI score0.00944EPSS
Exploits1References48
NVD
NVD
added 2024/05/03 6:15 p.m.23 views

CVE-2023-28952

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463...

5.3CVSS5.7AI score0.00357EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/03 5:39 p.m.14 views

CVE-2023-28952 IBM Cognos Controller log injection

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463...

5.3CVSS6.7AI score0.00357EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 8:9 p.m.83 views

CVE-2024-25047

IBM Cognos Analytics is affected by CVE-2024-25047: injection attacks in application logging due to unsanitized user-supplied data. Affected versions are 11.2.0–11.2.4 and 12.0.0–12.0.2. Root cause is improper sanitization in logging code, enabling potential follow-on attacks. IBM recommends upgr...

8.6CVSS6.5AI score0.00643EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.8 views

PT-2024-25628 · Alt Linux +1 · Alt Linux +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue concerns a stored XSS risk due to insufficient sanitizing of ID numbers displayed in the lesson overview report. Recommendations: At the moment, there is no information about a...

9.8CVSS5.5AI score0.00944EPSS
Exploits1References48
OSV
OSV
added 2024/03/29 7:5 p.m.77 views

GHSA-X768-CVR2-345R Un-sanitized metric name or labels can be used to take over exported metrics

Impact In code which applies un-sanitized string values into metric names or labels, like this: swift let lang = try? request.query-getString.self, at: "lang" Counter label: "language", dimensions: "lang", lang ?? "unknown" an attacker could make use of this and send a ?lang query parameter...

5.9CVSS5.5AI score0.00645EPSS
Exploits1References4
NVD
NVD
added 2024/03/26 11:15 p.m.16 views

CVE-2024-25136

There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content...

7.5CVSS7.5AI score0.00618EPSS
Exploits0References1
CVE
CVE
added 2024/03/26 10:53 p.m.78 views

CVE-2024-25136

CVE-2024-25136 affects AutomationDirect C-MORE EA9 HMI. The vulnerability is a path traversal flaw where a function allows a relative URL path to be sent without proper sanitization, enabling remote exploitation with low attack complexity. Public sources (ICS advisory ICSA-24-086-01) state vulner...

7.5CVSS7.5AI score0.00618EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:11 a.m.15 views

BIT-MOODLE-2020-25628

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14...

6.1CVSS6AI score0.00973EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:11 a.m.15 views

BIT-MOODLE-2021-20279

The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...

5.4CVSS5.1AI score0.01001EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 11:9 a.m.21 views

BIT-MOODLE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

6.1CVSS6.4AI score0.01157EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:8 a.m.15 views

BIT-MOODLE-2021-36399

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk...

5.4CVSS5.3AI score0.00516EPSS
Exploits0References2
Rows per page
Query Builder