22 matches found
EUVD-2006-7107
Malware in sbrugna...
EUVD-2022-29989
Malicious code in bioql PyPI...
EUVD-2022-29991
Malicious code in bioql PyPI...
Mattermost Authorization Issues Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from improper authorization of the Viewer role, which can be exploited by an attacker to still view team and site statistics...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in model/role.go. A user with the Viewer role, configured with No Access to Reporting, can access team and site statistics. Remediation: Upgrade github.com/mattermost/mattermost/server/public/model to version 0.1....
Incorrect Authorization
Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Incorrect Authorization in model/role.go. A user with the Viewer role, configured with No Access to Reporting, can access team and site statistics...
CVE-2025-1472 Unauthorized View Access to Site Statistics and Team Statistics
Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role, which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics...
CVE-2025-1472
CVE-2025-1472 corresponds to Mattermost where versions 9.11.x up to 9.11.8 suffer from an authorization flaw in the Viewer role (configured with No Access to Reporting) that allows viewing team/site statistics. The CVE entry indicates a CVSSv3.1 base score of 4.3 (Medium) with Network attack vect...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from improper authorization of the Viewer role, which can be exploited by an attacker to still view team and site statistics...
CVE-2022-25307
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when sit...
WordPress WP Statistics Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress WP Statistics plugin 13.1.5 and earlier versions have a cross-site scripting vulnerability that can be exploited...
WordPress and WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an open source application plugin for WordPress. The WordPress plugin WP Statistics has a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary web...
WordPress Plugin WP Statistics Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an open source application plugin for WordPress. WordPress WP Statistics plugin 13.1.5 and earlier versions have a cross-site scripting vulnerability that can be exploited by attacker...
CVE-2021-34629
The SendGrid WordPress plugin is vulnerable to authorization bypass via the getajaxstatistics function found in the /lib/class-sendgrid-statistics.php file, which allows authenticated users to export statistics for a WordPress multi-site main site, in versions up to and including 1.11.8...
Flowerfire Sawmill 5.0.21 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1403/info Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. This combined with the file disclosure vulnerability in Sawmill bid = 1402 could allow an...
Sijio Community Software SQL Injection/Persistent XSS Vulnerability
Exploit for php platform in category web applications. Sijio Community Software SQL Injection/Persistent XSS Vulnerability...
CVE-2006-7125
Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics...
CVE-2006-7125
The CVE-2006-7125 entry describes a Cross-site Scripting (XSS) vulnerability in Joomla BSQ Sitestats versions 1.8.0 and 2.2.1. The issue allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly sanitized when an administrator views site sta...
CVE-2006-3585
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via (1) the login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and...