377 matches found
CVE-2024-1599
This CVE entry is rejected/not used and does not represent an active vulnerability.
LimeSurvey Community 5.3.32 Cross Site Scripting
Exploit Title: Stored Cross-Site Scripting XSS in LimeSurvey Community Edition Version 5.3.32+220817 Exploit Author: Subhankar Singh Date: 2024-02-03 Vendor: LimeSurvey Software Link: https://community.limesurvey.org/releases/ Version: LimeSurvey Community Edition Version 5.3.32+220817 Tested on:...
The vulnerability of the control interface for the Citrix SD-WAN software allows a hacker to disclose protected information.
The vulnerability of the Citrix SD-WAN network management software interface is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially crafted HTTP request...
CVE-2024-25063
Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to...
CVE-2024-25064
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...
CVE-2024-25064
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...
Input validation
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...
CVE-2024-25063
CVE-2024-25063 affects HikCentral Professional (Hikvision). The issue is due to insufficient server-side validation (inadequate access control), potentially allowing an attacker to access URLs they should not reach. Public references in connected documents point to HikCentral Professional up to v...
PT-2024-2150 · Hikvision · Hikcentral Professional
Name of the Vulnerable Software and Affected Versions: HikCentral Professional affected versions not specified Description: The issue is related to insufficient server-side validation, which could allow an attacker to gain access to certain URLs that they should not have access to. This is a...
PT-2024-2300 · Hikvision · Hikcentral Professional
Name of the Vulnerable Software and Affected Versions: HikCentral Professional affected versions not specified Description: The issue is related to insufficient server-side validation, allowing an attacker with login privileges to access certain resources by changing parameter values. This could...
PYSEC-2024-126
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...
Cross site scripting
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...
CVE-2023-47115 Label Studio XSS Vulnerability on Avatar Upload
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...
PT-2024-13407 · Django +1 · Django +1
Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.9.2 Description: The issue is a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the...
WSO2 API Manager Security Vulnerability
WSO2 API Manager is an API lifecycle management solution from WSO2, Inc. A security vulnerability exists in WSO2 API Manager that stems from the lack of server-side input validation in the API Store...
PT-2023-32784 · Wso2 · Wso2
Name of the Vulnerable Software and Affected Versions: WSO2 products affected versions not specified Description: The issue is related to a lack of server-side input validation in the Forum feature, which could allow API rating manipulation. Recommendations: At the moment, there is no information...
Stored XSS via SVG File Upload
Impact A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Workaround Implement the server side file validation...
GHSA-6XMX-85X3-4CV2 Stored XSS via SVG File Upload
Impact A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Workaround Implement the server side file validation...
Input validation
Umbraco is an ASP.NET content management system CMS. Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...
CVE-2023-49279 Umbraco CMS vulnerable to stored XSS via SVG File Upload
Umbraco is an ASP.NET content management system CMS. Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...