137 matches found
GHSA-HFXP-J95J-CWRP uvdesk/community-skeleton vulnerable to Stored Cross-site Scripting
Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...
CVE-2023-1197
Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...
CVE-2023-1197 Cross-site Scripting (XSS) - Stored in uvdesk/community-skeleton
Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...
CVE-2023-1197 Cross-site Scripting (XSS) - Stored in uvdesk/community-skeleton
Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...
PT-2023-16813 · Unknown · Uvdesk Community Skeleton
Name of the Vulnerable Software and Affected Versions: uvdesk/community-skeleton versions prior to 1.1.0 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input and later displays it without proper validation or escaping, allowing...
CVE-2023-1197
CVE-2023-1197 is a Stored XSS vulnerability in uvdesk/community-skeleton prior to 1.1.0. Multiple sources describe the issue as a Stored XSS affecting the UVDesk Community Skeleton web app, with exploitation tied to storing and displaying unvalidated user input. The commonly cited remediation is ...
community-skeleton 跨站脚本漏洞
community-skeleton is a service-oriented, event-driven, extensible open source helpdesk system. A cross-site scripting vulnerability exists in community-skeleton versions prior to 1.1.0. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
CVE-2023-1197 Cross-site Scripting (XSS) - Stored in uvdesk/community-skeleton
Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...
SUSE CVE-2007-6755
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...
SUSE CVE-2016-1567
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."...
GSD-2023-1000801 selftests/bpf: Fix memory leak caused by not destroying skeleton
selftests/bpf: Fix memory leak caused by not destroying skeleton This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
flask-mongo-skel 路径遍历漏洞
flask-mongo-skel is a Flask MongoDB framework from Shamail Tayyab's personal developer. flask-mongo-skel 2012-11-01 and earlier versions contain a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter resource or file paths for The vulnerability is...
MAL-2022-4057 Malicious code in js-lib-skeleton (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 300c23e0226af335d91bfff2ee623b8ef68db10029d130c174666ddd22860de4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6146 Malicious code in skeleton-js-task (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c2f3c9c7ce2f71199cea3f5c79c2259aa9f2125d429af0729153ca520c76eff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in skeleton-js-task (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c2f3c9c7ce2f71199cea3f5c79c2259aa9f2125d429af0729153ca520c76eff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5493 Malicious code in protractor-skeleton (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 398bc113b61996f88264d11340911401694d080a3831d6d91d2144c51c860a2f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in protractor-skeleton (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 398bc113b61996f88264d11340911401694d080a3831d6d91d2144c51c860a2f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GSD-2022-1002099 libbpf: Fix possible NULL pointer dereference when destroying skeleton
libbpf: Fix possible NULL pointer dereference when destroying skeleton This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...
Mageia: Security Advisory (MGASA-2019-0155)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...