
15 matches found

EUVD
added 2026/06/04 12:51 p.m., 7 views

EUVD-2026-34257

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

CVSS 5.3, AI score 5.8, EPSS 0.00176
Exploits 0, References 1
Vulnrichment
added 2026/05/06 6:27 p.m., 5 views

CVE-2026-41936 Vvveb < 1.0.8.2 XML External Entity Injection via Import

Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...

CVSS 8.6, AI score 5.9, EPSS 0.00271
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-26868

Malicious code in bioql PyPI...

CVSS 9.1, AI score 7.1, EPSS 0.01037
Exploits 0, References 2
Veracode
added 2024/05/20 11:41 a.m., 10 views

Cross Site Scripting (XSS)

drupal/core is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to Drupal configurations using the WYSIWYG CKEditor, which can be exploited by an attacker with content creation or editing capabilities to target users with access to CKEditor, including site admins with privileged...

AI score 6.4
Exploits 0
Veracode
added 2024/05/20 5:36 a.m., 5 views

Cross-site Scripting (XSS)

drupal/core is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to Drupal configurations using the WYSIWYG CKEditor, which can be exploited by an attacker with content creation or editing capabilities to target users with access to CKEditor, including site admins with privileged...

AI score 6.4
Exploits 0
GitHub Security Blog
added 2024/05/15 9:2 p.m., 14 views

Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library

The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content even without...

AI score 6.3
Exploits 0, References 3, Affected Software 1
GitHub Security Blog
added 2024/05/15 8:51 p.m., 7 views

Drupal core Cross-Site Scripting (XSS) vulnerabilities

The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content even without...

AI score 6.3
Exploits 0, References 3, Affected Software 1
Drupal
added 2024/04/24 12:0 a.m., 21 views

REST Views - Moderately critical - Information Disclosure - SA-CONTRIB-2024-018

The Rest views module lets site admins create rest exports in views with additional options for serializing data. This module does not accurately check access and may expose paths to unpublished content. This vulnerability is mitigated by the fact that there must be a specific content structure t...

CVSS 7.5, AI score 6.9, EPSS 0.00473
Exploits 0, References 6
GitHub Security Blog
added 2022/05/24 5:40 p.m., 16 views

Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

CVSS 7.2, AI score 7.3, EPSS 0.01572
Exploits 0, References 3, Affected Software 1
NVD
added 2022/01/04 8:15 p.m., 11 views

CVE-2022-21644

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. Search terms provided by the user were not sanitized and were used directly to construct a SQL statement. The only users permitted to search are site admins. Users are...

CVSS 9.1, EPSS 0.01037
Exploits 0, References 2
Prion
added 2022/01/04 8:15 p.m., 23 views

Sql injection

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. Search terms provided by the user were not sanitized and were used directly to construct a SQL statement. The only users permitted to search are site admins. Users are...

CVSS 6.5, AI score 7.3, EPSS 0.01037
Exploits 0, References 2, Affected Software 1
Cvelist
added 2022/01/04 8:0 p.m., 18 views

CVE-2022-21644 SQL Injection via search in USOC

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. Search terms provided by the user were not sanitized and were used directly to construct a SQL statement. The only users permitted to search are site admins. Users are...

CVSS 9.1, AI score 9.8, EPSS 0.01037
Exploits 0, References 2
Prion
added 2019/06/11 5:29 p.m., 11 views

Design/Logic Flaw

An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance...

CVSS 6, AI score 6.5, EPSS 0.00926
Exploits 0, References 1, Affected Software 1
NVD
added 2019/06/11 5:29 p.m., 11 views

CVE-2019-12794

An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance...

CVSS 6.6, AI score 6.5, EPSS 0.00926
Exploits 0, References 1
The Hacker News
added 2011/07/03 7:7 a.m., 6 views

4 big business sites database backup leaked by Serious BLack !

4 big business sites database backup leaked by Serious BLack ! One of the Indian hacker "Serious BLack " found the SQL database backup on the 4 big business sites. These SQL dumps are hosted by Site admins on FTP that has been leaked. Sites are: =...

AI score 7.6
Exploits 0