Lucene search
K

222 matches found

Prion
Prion
added 2022/07/07 6:15 p.m.16 views

Cross site scripting

Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as...

4.3CVSS6.3AI score0.0054EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/07 5:55 p.m.47 views

CVE-2022-31136 Cross-site Scripting in BookWyrm

Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as...

6.3CVSS6.5AI score0.0054EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 5:21 p.m.6 views

GHSA-H742-XX59-R9PQ Mattermost Server exposes sensitive user status information via REST API version 4 endpoint

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...

5.3CVSS6.4AI score0.0092EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.6 views

Mattermost Server exposes sensitive user status information via REST API version 4 endpoint

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...

5.3CVSS6.6AI score0.0092EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2022/04/20 12:0 a.m.5 views

PT-2022-6498 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions 3.5.x through 3.5.2 Description: The issue is related to the undo mark statuses as sensitive method in app/services/approve appeal service.rb, which does not use the server's representative account. This results in moderator...

5CVSS4.7AI score0.00685EPSS
Exploits1References11
Huntr
Huntr
added 2021/12/20 3:13 a.m.12 views

Cross-site Scripting (XSS) - Stored in friends-of-forkcms/fork-cms-module-commerce

Description In the admin section in Commerce - Shop settings - Stock statuses - Edit stock statuses one can add XSS payloads. After adding XSS payloads when a user is visiting Commerce - Shop settings - Stock statuses the JavaScript code will be run. Proof of Concept Go to Commerce - Shop setting...

0.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.7 views

The vulnerability of the OTRS ticket request system, related to deficiencies in processing exceptional statuses, allows a violator to trigger a service denial.

The vulnerability of the OTRS ticket request system is related to deficiencies in handling exceptional situations. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a message containing a specially created URL address...

6.5CVSS5.8AI score0.00976EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2020/11/06 2:15 p.m.4 views

CVE-2020-4482

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856...

6.5CVSS6.2AI score0.00856EPSS
Exploits0References2
NVD
NVD
added 2020/11/06 2:15 p.m.18 views

CVE-2020-4482

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856...

6.5CVSS5.3AI score0.00856EPSS
Exploits0References2
CVE
CVE
added 2020/11/06 1:40 p.m.40 views

CVE-2020-4482

IBM UrbanCode Deploy (UCD) versions affected by CVE-2020-4482 include 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0. A security bypass vulnerability exists where an authenticated user with access to a snapshot can call REST endpoints to apply unauthorized additional statuses, effectively bypassing secur...

6.5CVSS6.1AI score0.00856EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/11/06 1:40 p.m.17 views

CVE-2020-4482

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856...

5.3CVSS6.2AI score0.00856EPSS
Exploits0References2
Hacker One
Hacker One
added 2020/05/06 3:49 p.m.19 views

HackerOne: The hacker has access to the administrative part of the management reports in publish report

Summary: Hi team, @jobert, @bencode . At the moment, I'm not entirely sure that this has a strong effect. But I also assume that this should not be on behalf of the hacker, and also in the future it may create problems, for example when you add new statuses for the report and they will have some...

7.1AI score
Exploits0
OSV
OSV
added 2020/04/27 3:15 p.m.5 views

CVE-2020-12266

An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed...

7.5CVSS7.1AI score0.01722EPSS
Exploits0References5
Veracode
Veracode
added 2018/09/14 6:26 a.m.35 views

Denial Of Service (DoS)

libglusterfs.so is vulnerable to a denial of service DoS attack or information disclosures. The library does not restrict the ../ characters from being passed in pathnames, allowing a malicious user to gain access to file statuses or crash the application with a malformed filename...

8.1CVSS8.1AI score0.02771EPSS
Exploits0References9Affected Software7
NVD
NVD
added 2018/07/31 1:29 p.m.25 views

CVE-2018-8020

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate wit...

7.4CVSS7.3AI score0.04199EPSS
Exploits0References13
NVD
NVD
added 2017/10/06 10:29 p.m.19 views

CVE-2015-2142

Multiple cross-site request forgery CSRF vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to 1 hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, 2 hijack the authentication of users for...

8CVSS8.1AI score0.01671EPSS
Exploits0References2
Kitploit
Kitploit
added 2015/05/09 7:14 p.m.48 views

Autorize - Automatic Authorization Enforcement Detection (Extension for Burp Suite)

Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert at AppSec Labs. Autorize was designed to help security testers by performing automatic authorization tests. Installation 1. Download Burp...

7.1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2011/06/03 4:41 a.m.11 views

Anonymous Leaks 10,000 E-mails of Iranian Government

Anonymous Leaks 10,000 E-mails of Iranian Government A collection of 10,365 e-mails of the Iranian government were leaked by Anonymous OpIran on June 2, 2011. According to members of Anonymous the files were taken after the hacker accessed the Iranian Passport and Visa Office email center. These...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2010/09/27 5:44 p.m.9 views

Workarounds Not Enough to Protect Against ASP.NET Attacks

Microsoft has released updated workaround guidance for the ASP.NET padding oracle vulnerability, suggesting that customers use a technique to block requests that specify an application error. However, the researchers who developed the attack on ASP.NET have said that the workaround is not...

7.2AI score
Exploits0References3
htbridge
htbridge
added 2010/07/27 12:0 a.m.23 views

Cross-site Request Forgery (CSRF) Vulnerabilities in Mystic

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Mystic which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in Mystic 1.1 The vulnerability exists due to insufficient validation of the request origin in...

5.1CVSS7.4AI score
Exploits0Affected Software1
Rows per page
Query Builder