29 matches found
CVE-2023-49334
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL Injection while exporting a full summary report...
CVE-2024-14001
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
EUVD-2024-55045
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2024-14001
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2024-14001
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2024-14001
Nagios XI prior to 2024R1.1.3 is vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. The root cause is insufficient validation or escaping of user-supplied input in that component, allowing an attacker to inject and execute arbitrary script in a victim’s browser. ...
CVE-2024-14001 Nagios XI < 2024R1.1.3 XSS via Executive Summary Report
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
PT-2025-44558
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.1.3. Description: Nagios XI is susceptible to cross-site scripting (XSS) through the Executive Summary Report component. A lack of proper input validation or escaping could allow an attacker to inject and execute...
Linux Distros Unpatched Vulnerability : CVE-2023-5551
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. CVE-2023-5551 Note that Nessus...
CVE-2024-36173 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2023-49334
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL Injection while exporting a full summary report...
HackerOne: Attachment disclosure via summary report
A critical vulnerability was discovered in the HackerOne platform that allowed an attacker to gain unauthorized access to attachments belonging to other users through the report summary editing functionality. By manipulating attachment IDs in the request, an attacker could view sensitive files th...
CVE-2023-5551
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups...
CVE-2023-5551
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups...
UBUNTU-CVE-2023-5551
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups...
CVE-2023-5551
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups...
CVE-2023-5551 Moodle: forum summary report shows students from other groups when in separate groups mode
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups...
CVE-2023-5551
Moodle CVE-2023-5551 involves Separate Groups mode: the forum summary report does not honour group restrictions, causing display of users from other groups. The initial entry reports a LOW severity (CVSS 3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N; base 3.3) and notes the issue pertains to the Moodl...
PT-2023-8912 · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue is related to the Separate Groups mode in the forum summary report, where restrictions were not properly enforced, allowing the display of users from other groups. This could...
Fedora 39 : moodle (2023-6bd1586dc5)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6bd1586dc5 advisory. Latest updates Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...