25 matches found
CVE-2026-45715 Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services (cloud metadata, databases) by redirecti...
EUVD-2020-23757
Malware in sbrugna...
EUVD-2017-15996
Malware in sbrugna...
EUVD-2018-8208
Malware in sbrugna...
CVE-2020-8981
A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name if CSP settings permit it. This is related to CVE-2018-16362...
CVE-2020-36192
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project) if they are attached to an existing Changeset. The information is visible on the view.php...
Design/Logic Flaw
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project) if they are attached to an existing Changeset. The information is visible on the view.php...
CVE-2020-36192
The CVE-2020-36192 entry concerns the Source Integration plugin for MantisBT prior to version 2.4.1. The underlying issue allows an attacker to access the Summary field of private issues (private or in private projects) when they are tied to an existing Changeset. The leakage is observable on vie...
Cross site scripting
A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name if CSP settings permit it. This is related to CVE-2018-16362...
CVE-2020-8981
The CVE-2020-8981 entry is linked to the MantisBT Source Integration plugin and is corroborated by multiple sources describing a cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages (via repo_manage_page.php or list.php). The related exploitation path can le...
MantisBT Source Integration Plugin Cross-Site Scripting Vulnerability
MantisBT is a web-based open-source defect tracking system developed by the MantisBT team. The system provides project management and defect tracking services through a web interface. The Source Integration plugin is a source code control integration plugin used with it. A cross-site scripting...
CVE-2018-16362
An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php...
CVE-2018-16362
CVE-2018-16362 affects the Source Integration plugin for MantisBT, vulnerable in versions prior to 1.5.9 and 2.x prior to 2.1.5. The issue is a cross-site scripting (XSS) flaw on the Manage Repository and Changesets List pages, exploitable to run arbitrary code if CSP settings permit it via repo_...