
Github Security Blog · added 2024/02/21 12:24 a.m. · 19 views

Cross-site Scripting Vulnerability in Statement Browser

Impact A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. Patches The problem is patched in version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS. Workarounds No workarounds exist, we recommend upgrading to version...

CVSS 6.1 · AI score 7.7 · EPSS 0.00166
Exploits 0 · References 7 · Affected Software 1

OSV · added 2024/02/21 12:24 a.m. · 21 views

GHSA-7RW2-3HHP-RC46 Cross-site Scripting Vulnerability in Statement Browser

Impact A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. Patches The problem is patched in version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS. Workarounds No workarounds exist, we recommend upgrading to version...

CVSS 4.6 · AI score 5.9 · EPSS 0.00166
Exploits 0 · References 7

NVD · added 2024/02/20 10:15 p.m. · 9 views

CVE-2024-26140

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...

CVSS 6.1 · AI score 5.2 · EPSS 0.00166
Exploits 0 · References 5

Prion · added 2024/02/20 10:15 p.m. · 17 views

Design/Logic Flaw

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...

CVSS 4.9 · AI score 7.9 · EPSS 0.00166
Exploits 0 · References 5

Vulnrichment · added 2024/02/20 9:47 p.m. · 13 views

CVE-2024-26140 com.yetanalytics/lrs has Cross-site Scripting Vulnerability in Statement Browser

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...

CVSS 4.6 · AI score 7.9 · EPSS 0.00166
Exploits 0 · References 5

OSV · added 2024/02/20 9:47 p.m. · 11 views

CVE-2024-26140 com.yetanalytics/lrs has Cross-site Scripting Vulnerability in Statement Browser

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...

CVSS 4.6 · AI score 5.6 · EPSS 0.00166
Exploits 0 · References 7

Cvelist · added 2024/02/20 9:47 p.m. · 15 views

CVE-2024-26140 com.yetanalytics/lrs has Cross-site Scripting Vulnerability in Statement Browser

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...

CVSS 4.6 · AI score 5.5 · EPSS 0.00166
Exploits 0 · References 5

Positive Technologies · added 2024/02/20 12:00 a.m. · 3 views

PT-2024-21297 · Unknown +1 · Com.Yetanalytics/Lrs +1

Name of the Vulnerable Software and Affected Versions: com.yetanalytics/lrs versions prior to 1.2.17 SQL LRS versions prior to 0.7.5 Description: A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. No known workarounds exist...

CVSS 6.1 · AI score 7.7 · EPSS 0.00166
Exploits 0 · References 12

OSV · added 2024/02/06 4:15 p.m. · 0 views

CVE-2023-35188

A SQL Injection Remote Code Execution vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited...

CVSS 8 · AI score 5.8 · EPSS 0.00802
Exploits 0 · References 2

Cvelist · added 2024/02/06 3:59 p.m. · 10 views

CVE-2023-50395 SQL Injection Remote Code Execution Vulnerability

A SQL Injection Remote Code Execution vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited...

CVSS 8 · AI score 9.3 · EPSS 0.00998
Exploits 0 · References 2

CVE · added 2024/02/06 3:59 p.m. · 52 views

CVE-2023-50395

CVE-2023-50395 concerns the SolarWinds Platform (Orion Platform) with a SQL Injection leading to Remote Code Execution via an update statement. Exploitation requires user authentication; impact is described as high (C/H/I/A) with CVSS v3.1 base score 8.0. Public references indicate multiple sourc...

CVSS 8 · AI score 9 · EPSS 0.00998
Exploits 0 · References 2 · Affected Software 1

Positive Technologies · added 2024/02/06 12:00 a.m. · 2 views

PT-2024-1656 · Solarwinds · Solarwinds Orion Platform

Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: A SQL Injection Remote Code Execution issue was discovered in the SolarWinds Platform, specifically using an update statement. This issue requires user authentication to b...

CVSS 8 · AI score 9.3 · EPSS 0.00998
Exploits 0 · References 11

Cvelist · added 2024/01/22 6:44 p.m. · 24 views

CVE-2023-50308 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could, under certain circumstances, allow an authenticated database user to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393...

CVSS 6.5 · AI score 6.4 · EPSS 0.00062
Exploits 0 · References 3

Positive Technologies · added 2024/01/18 12:00 a.m. · 4 views

PT-2024-19409 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.0 through 0.3.9 Description: The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the build IR for concat doesn't proper...

CVSS 9.8 · AI score 7.8 · EPSS 0.00539
Exploits 1 · References 12

Packet Storm · added 2024/01/18 12:00 a.m. · 553 views

WordPress Backup Migration 1.3.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Backup Migration Plugin PHP Filter Chain RCE', 'Description' = %q This module exploits an unauth RCE in the WordPress plugin: Backup...

CVSS 9.8 · AI score 7.4 · EPSS 0.93531
Exploits 14

Prion · added 2024/01/16 4:15 p.m. · 20 views

SQL injection

The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the seturlswithterms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber...

CVSS 6.5 · AI score 8.2 · EPSS 0.00595
Exploits 1 · References 2 · Affected Software 1

CNVD · added 2024/01/12 12:00 a.m. · 16 views

Hospital Management System SQL Injection Vulnerability

A Hospital Management System (HMS) is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. Hospital Management System V4.0 and prior versions suffer from a SQL injection vulnerability that stems from the application's lack ...

CVSS 4.9 · AI score 7.4 · EPSS 0.00123
Exploits 3 · References 1

WPVulnDB · added 2023/12/29 12:00 a.m. · 19 views

Booking Calendar WpDevArt < 3.2.12 - Admin+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

AI score 7.7
Exploits 0 · References 1 · Affected Software 1

Cvelist · added 2023/12/26 6:33 p.m. · 17 views

CVE-2023-5674 WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...

AI score 9.2 · EPSS 0.1104
Exploits 2 · References 1

Code423n4 · added 2023/12/21 12:00 a.m. · 7 views

Loss of Funds for Users Due to Token Purchase after Maximum Supply

Lines of code Vulnerability details Summary When the token's total supply reaches its maximum, users lose funds when attempting to buy tokens, as the transaction completes without minting new tokens. Vulnerability Details To engage in the voting system, users must acquire tokens directly from the...

AI score 7
Exploits 0