Lucene search
K

83 matches found

Prion
Prion
added 2022/09/29 3:15 a.m.21 views

Design/Logic Flaw

Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...

3.3CVSS5AI score0.00901EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/09/06 6:15 p.m.23 views

CVE-2022-2935

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00495EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/05/05 11:25 p.m.6 views

CVE-2022-29171 Remote Code Execution in sourcegraph

Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a callsignCommand, which is used to obtain...

6.6CVSS7.3AI score0.01235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/05/05 12:0 a.m.5 views

PT-2022-19428 · Grafana +2 · Grafana +2

Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 3.38.0 Description: The issue concerns Remote Code Execution in the gitserver service of Sourcegraph, a fast and featureful code search and navigation engine. The Gitolite code host integration with Phabricator...

7.2CVSS7.1AI score0.01235EPSS
Exploits0References5
Prion
Prion
added 2021/12/16 7:15 p.m.15 views

Cross site scripting

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...

3.5CVSS4.8AI score0.0059EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2021/12/16 7:15 p.m.31 views

CVE-2021-41261

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...

8.1CVSS5.5AI score0.0059EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/12/16 6:10 p.m.22 views

CVE-2021-41261 Stored Cross-site Scripting in Galette

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...

8.1CVSS7.9AI score0.0059EPSS
Exploits0References2
Snyk
Snyk
added 2021/08/03 8:56 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. The site-admin area can be accessed by regular users. Unprivileged users can have access to daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interac...

4.3CVSS7.2AI score0.00649EPSS
Exploits0References2
NVD
NVD
added 2021/08/02 10:15 p.m.27 views

CVE-2021-32787

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...

4.3CVSS0.00649EPSS
Exploits0References2
OSV
OSV
added 2021/08/02 10:15 p.m.18 views

CVE-2021-32787

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...

4.3CVSS6.7AI score0.00649EPSS
Exploits0References2
Prion
Prion
added 2021/08/02 10:15 p.m.17 views

Information disclosure

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...

4CVSS4.7AI score0.00649EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/08/02 10:0 p.m.50 views

CVE-2021-32787

CVE-2021-32787 affects Sourcegraph before version 3.30.0. The vulnerability exposes information in the site-admin area to regular users, leaking daily usage statistics and code intelligence uploads/indexes while not allowing alteration of other features. The root cause is improper access to site-...

4.3CVSS4.3AI score0.00649EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/07/30 10:15 p.m.23 views

Default configuration

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

6.5CVSS7.2AI score0.02032EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2021/04/06 12:0 a.m.16 views

CMS Made Simple <= 2.2.16 XSS Vulnerability

CMS Made Simple is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.4CVSS5.3AI score0.01574EPSS
Exploits4References1
Prion
Prion
added 2021/03/30 12:16 p.m.17 views

Design/Logic Flaw

CMS Made Simple CMSMS 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin My Preferences Title field...

3.5CVSS5.1AI score0.01574EPSS
Exploits4References2Affected Software1
Hacker One
Hacker One
added 2020/02/07 7:51 p.m.94 views

X (Formerly Twitter): NO username used in authenthication to www.mopub.com leading to direct password submission which has unlimited submission rate.

Summary:user name is not used in authentication leading to direct password submission Description: user name not used in authentication in https://www.mopub.com/login/?next=/dsp-portfolio/ this page is labelled as SITE ADMIN: refer POC can lead to direct submitting of password and this password h...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2019/10/22 12:0 a.m.16 views

CMS Made Simple <= 2.2.11 Cross-Site Scripting (XSS) Vulnerability

CMS Made Simple is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.8CVSS5AI score0.00585EPSS
Exploits1References1
OSV
OSV
added 2019/10/06 6:15 p.m.3 views

CVE-2019-17226

CMS Made Simple CMSMS 2.2.11 allows XSS via the Site Admin Module Manager Search Term field...

4.8CVSS5.8AI score0.00585EPSS
Exploits1References1
OSV
OSV
added 2019/06/11 5:29 p.m.17 views

CVE-2019-12794

An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins organization admins have the inherent ability to reset passwords for all of their organization's users. This, however, could be abused in a situation where the host organization of an instance...

6.6CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2019/03/26 10:29 p.m.5 views

CVE-2019-10106

CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section...

5.4CVSS5.8AI score0.00656EPSS
Exploits1References1
Rows per page
Query Builder