22 matches found
EUVD-2018-18851
Malware in sbrugna...
MAL-2025-21281 Malicious code in generator-dr-service-template (npm)
The package generator-dr-service-template was found to contain malicious code...
Malicious code in generator-dr-service-template (npm)
The package generator-dr-service-template was found to contain malicious code...
CVE-2022-45051
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability...
PT-2024-5930 · Django +5
Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.15 Django versions 5.0 through 5.0.8 Django versions 5.1 through 5.1.0 Description: The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a...
Cross-site Scripting (XSS)
LibreNMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the Service template name, which is reflected in the delete button's onclick event. This allows malicious JavaScript code to be stored and executed...
CVE-2024-32479 LibreNMS's Improper Sanitization on Service template name leads to Stored XSS
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability...
PT-2024-24602 · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.4.0 Description: The issue is related to improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. This can be exploited by modifying the template name with crafted...
CVE-2024-24680
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings...
Cross site scripting
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability...
Axiell Iguana CMS Cross-Site Scripting Vulnerability
Axiell Iguana CMS is a control-based platform from Axiell Inc. for personalizing and communicating with customers. Axiell Iguana CMS suffers from a security vulnerability that originates from an error in the module parameter of Service.template.cls, which can be exploited by an attacker to execut...
Cross-site Scripting (XSS) - Stored in librenms/librenms
Description Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template Proof of Concept Payload: ' PoC image: Xss payload in create/modify Transport Groups Xss payload in Add/Edit Service Xss payload in Edit Service Template XSS will fire-up by user visiting: 1...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption...
CVE-2019-13007
Removed by vendor...
FreeBSD : Gitlab -- Multiple Vulnerabilities (4ea507d1-9da8-11e9-a759-001b217b3468)
Gitlab reports : Ability to Write a Note to a Private Snippet Recent Pipeline Information Disclosed to Unauthorised Users Resource Exhaustion Attack Error Caused by Encoded Characters in Comments Authorization Issues in GraphQL Number of Merge Requests was Accessible Enabling One of the Service...
FreeBSD : Gitlab -- Multiple vulnerabilities (d889d32c-ecd9-11e8-9416-001b217b3468)
Gitlab reports : Persistent XSS Autocompletion Unauthorized service template creation (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2021 Jacques Vidrine and contributors Redistribution and us...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Persistent XSS Autocompletion Unauthorized service template creation...
GitLab: Exfiltrate and mutate repository and project data through injected templated service
The GitLab import feature contains a vulnerability that allows an attacker to import a project that creates a service template. Service templates can normally only be created by a GitLab instance Administrator. When a new project is created, service templates are automatically initialized for the...
CVE-2018-7108
HPE StorageWorks XP7 Automation Director AutoDir version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a...
System Center Virtual Machine Manager, version 1807
System Center Virtual Machine Manager, version 1807 Applies to: System Center Virtual Machine Manager, version 1807 Introduction This article describes the issues that are fixed in System Center Virtual Machine Manager, version 1807. There are three downloads available for Virtual Machine Manager:...