33 matches found
CVE-2022-45875
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...
PYSEC-2023-4
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions...
CVE-2022-45875 Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...
CVE-2022-45875
Apache DolphinScheduler (CVE-2022-45875) is affected by improper validation of script alert plugin parameters, allowing remote command execution. The issue affects 3.0.1 and earlier, and 3.1.0 and earlier; authenticated users who can log in to DolphinScheduler could exploit it. CVSSv3.1 base scor...
Apache DolphinScheduler Input Validation Error Vulnerability
Apache DolphinScheduler, a distributed, DAG-based visual workflow task scheduling system from the Apache Foundation, has an input validation error vulnerability that stems from incorrect validation of the script alert plugin parameter. No detailed vulnerability...
PT-2023-14788 · Apache · Apache Dolphinscheduler
Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.0.1 and prior versions; Apache DolphinScheduler versions 3.1.0 and prior versions. Description: The issue is related to improper validation of script alert plugin parameters in Apache DolphinScheduler, which c...
Online Reviewer Management System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Online Reviewer Management System Persistent Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/reviewer0.zip Version: 1.0 Tested on Windows 10 @attack request...
beleuchtungdirekt.ch XSS vulnerability
Open Bug Bounty ID: OBB-453843

Description| Value
---|---
Affected Website:| beleuchtungdirekt.ch
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention...
damrong-journal.su.ac.th XSS vulnerability
Vulnerable URL: http://www.damrong-journal.su.ac.th/index.php?page=publicationid=2409%22%3E%3Cscript%3Ealert0;%3C%2Fscript%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 14.01.2018
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown...
Cerber Limit Login Attempts <= 2.0.1.6 - Unauthenticated Stored XSS
If the option "I'm behind a proxy" is enabled, the visitor IP is read from X-Forwarded-For header, stored & printed in the admin panel without any sanitization / validation. Set the X-Forwarded-For header to alert1, and perform an incorrect login...
elemanonline.com.tr XSS vulnerability
Vulnerable URL: http://www.elemanonline.com.tr/isilanlari.php?aranan=%3Cscript%3Ealert%28%22XSSPOSED%22%29%3C/script%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 26.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 21170
Google...
Vanilla Forums LatestComment 1.1 Plugin Persistent XSS
No description provided by source. Title: Vanilla LatestComment 1.1 Plugin Persistent XSS Vulnerability Date: 18/5/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Latest Comment 1.1...
Opial 1.0 - Arbitrary File Upload/XSS/SQL Injection Vulnerabilities
No description provided by source. ::::::::::::::::::::R3AL.RU:::::::::::::::::::: Opial 1.0 Arbitrary File Upload & XSS & SQL Injection genresparent Author: LMaster Greetz: r3al.ru Official Site with demo: http://www.opial.com --Arbitrary File Upload-- 1. Go to http://www.site.com/register.php 2...
XSS in admin/ViewIssueFields.jspa
Reproduction: 1. Create custom fields with alert1 in name and/or description. 2. Go to 'Field Configurations' 3. Click 'Add Field Configuration', enter any text in 'Name' 4. Hit okay and wait for the page to refresh 5. Choose the config you just made - XSSed...
WordPress Occasions Plugin 1.0.4 - CSRF Vulnerability
Exploit for php platform in category web applications CSRF Occasions alert1" / document.forms0.submit; 0day.today 2018-03-31...
XSS vulnerability in invite-users-panel.vm [$i18n.getText('easyuser.send.invitations.email.placeholder', [$siteTitle]), line 37]
Panopticon http://panopticon.dyn.syd.atlassian.com/ has detected that the following file contains a XSS vulnerability. This vulnerability has been manually confirmed. File: confluence-plugins/confluence-bundled-plugins/confluence-easyuser-admin/src/main/resources/templates/invite-users-panel.vm...
phpcms v9.1.15 SQL and XSS exploits - vulnerability warning - the black bar safety net
phpcms v9. 1. 1 5 The official demo site has been updated to 9.1.16: the http://v9.demo.phpcms.cn/ XSS public function publicgetsuggestkeyword $url = $GET'url'.'& q='.$ GET'q'; echo $url; $res = @filegetcontents$url; ifCHARSET != 'gbk' $res = iconv'gbk', CHARSET, $res; echo $res; Use method:...
Charles River Web CMS Cross Site Scripting
Exploit Title : Charles-River-Web Cms Cross Site Scripting Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir & Http://Security7.ir Software Link : http://www.charlesriverweb.com/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu - Windows Server -...