83 matches found
Design/Logic Flaw
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...
CVE-2022-2935
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2022-29171 Remote Code Execution in sourcegraph
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a callsignCommand, which is used to obtain...
PT-2022-19428 · Grafana +2 · Grafana +2
Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 3.38.0 Description: The issue concerns Remote Code Execution in the gitserver service of Sourcegraph, a fast and featureful code search and navigation engine. The Gitolite code host integration with Phabricator...
Cross site scripting
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...
CVE-2021-41261
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...
CVE-2021-41261 Stored Cross-site Scripting in Galette
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. The site-admin area can be accessed by regular users. Unprivileged users can have access to daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interac...
CVE-2021-32787
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...
CVE-2021-32787
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...
Information disclosure
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...
CVE-2021-32787
CVE-2021-32787 affects Sourcegraph before version 3.30.0. The vulnerability exposes information in the site-admin area to regular users, leaking daily usage statistics and code intelligence uploads/indexes while not allowing alteration of other features. The root cause is improper access to site-...
Default configuration
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
CMS Made Simple <= 2.2.16 XSS Vulnerability
CMS Made Simple is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
CMS Made Simple CMSMS 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin My Preferences Title field...
X (Formerly Twitter): NO username used in authenthication to www.mopub.com leading to direct password submission which has unlimited submission rate.
Summary:user name is not used in authentication leading to direct password submission Description: user name not used in authentication in https://www.mopub.com/login/?next=/dsp-portfolio/ this page is labelled as SITE ADMIN: refer POC can lead to direct submitting of password and this password h...
CMS Made Simple <= 2.2.11 Cross-Site Scripting (XSS) Vulnerability
CMS Made Simple is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-17226
CMS Made Simple CMSMS 2.2.11 allows XSS via the Site Admin Module Manager Search Term field...
CVE-2019-12794
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins organization admins have the inherent ability to reset passwords for all of their organization's users. This, however, could be abused in a situation where the host organization of an instance...
CVE-2019-10106
CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section...