GHSA-52Q4-3XJC-6778 OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName

Summary Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Google Chat group...

EUVD-2022-50799

Malicious code in bioql PyPI...

CVE-2022-48085

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter...

Directory Traversal

Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

CVE-2022-48085

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter...

CVE-2022-48085

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter...

Design/Logic Flaw

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter...

CVE-2022-48085

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter...

CVE-2022-48085

CVE-2022-48085 affects Softr v2.0, with a reported HTML injection vulnerability in the Work Space Name parameter. The CVSS 3.1 base score is 5.4 (Medium) with Network attack vector, low attack complexity, privileges required: Low, user interaction required, and impact primarily on confidentiality...

CVE-2022-48085

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter...

HumHub Cross-Site Scripting Vulnerability (CNVD-2022-82657)

HumHub is a set of open source social networking software written on the Yii PHP framework. HumHub suffers from a cross-site scripting vulnerability that could be exploited by attackers to insert malicious javascript into the space name...

HumHub 跨站脚本漏洞

HumHub is a set of open source social networking software written on the Yii PHP framework. HumHub suffers from a cross-site scripting vulnerability that could be exploited by attackers to insert malicious javascript into the space name...

XWiki 4.2-milestone-2 Multiple Stored XSS Vulnerabilities

No description provided by source. Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version: 4.2-milestone-2 Gr33Tz:...

XWiki 4.2-milestone-2 Cross Site Scripting

Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version: 4.2-milestone-2 Gr33Tz: @aviadgolan , @benhayak,...

XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version: 4.2-milestone-2 Gr33Tz: @aviadgolan , @benhayak,...

XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities

XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link:...

XWiki 4.2-milestone-2 Multiple Stored XSS Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version:...

XSS vulnerability in space name when page move would create a duplicate

Create a space called alert"XSS"; Find a page named 'Home' in a different space Move this page, choosing the previously created space as the destination The move will fail due to the duplicate page name, and the script will be run...

XSS vulnerability: space name and key not validated nor escaped

Email sent from Igor: quote The problem: The input for space name and key is not being validated properly. I created a JIRA for lacking length validation CONF-8894 and later on I noticed that any characters in the input for space name are allowed. Combine that with another batch of bugs - space...

XSS vulnerability: space name and key not validated nor escaped

Email sent from Igor: quote The problem: The input for space name and key is not being validated properly. I created a JIRA for lacking length validation CONF-8894 and later on I noticed that any characters in the input for space name are allowed. Combine that with another batch of bugs - space...