2 matches found
postgresql: Uncontrolled search path element in CREATE EXTENSION
A flaw was found in PostgreSQL, where some PostgreSQL extensions did not use the searchpath safely in their installation script. This flaw allows an attacker with sufficient privileges to trick an administrator into executing a specially crafted script during the extension's installation or updat...
CVE-2020-13992
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket...