CVE-2026-46402

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...

CVE-2026-46402

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...

CVE-2026-46402 Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...

CVE-2026-46402

Microsoft UFO (open-source framework) 3.0.1-4-ge2626659 exposes a path traversal risk by using the user-controlled task_name when building session log paths, enabling an authenticated client to create log directories/files outside the intended logs/ directory. This can impact integrity and availa...

CVE-2026-46402 Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...

PT-2026-44118

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software uses the user-controlled task name value directly when constructing session log...

UFO³ 安全漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a security vulnerability. This vulnerability stems from the use of user-controlled taskname values to construct session log path names, which may...

EUVD-2023-53838

Malicious code in bioql PyPI...

CVE-2024-25219

A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php...

CVE-2024-8140

A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument taskname leads to cross site scripting. The attack may be launched remotely. The...

SourceCodester Task Progress Tracker 跨站脚本漏洞

SourceCodester Task Progress Tracker is a task progress tracker from SourceCodester. A cross-site scripting vulnerability exists in version 1.0 of SourceCodester Task Progress Tracker, which stems from a cross-site scripting vulnerability in the taskname parameter of the update-task.php file...

PT-2024-38829 · Sourcecodester · Sourcecodester Task Progress Tracker

Name of the Vulnerable Software and Affected Versions: SourceCodester Task Progress Tracker version 1.0 Description: A vulnerability was found in the file update-task.php, where the manipulation of the task name argument leads to cross-site scripting. The attack may be launched remotely. The...

SourceCodester Task Progress Tracker 跨站脚本漏洞

SourceCodester Task Progress Tracker is a task progress tracker from SourceCodester. A cross-site scripting vulnerability exists in SourceCodester Task Progress Tracker version 1.0, which stems from an incorrect operation of the parameter taskname that can lead to a cross-site scripting attack...

CVE-2024-28276

Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting XSS via add-task.php?taskname=...

PT-2024-22375 · Unknown · Sourcecodester School Task Manager

Name of the Vulnerable Software and Affected Versions: Sourcecodester School Task Manager version 1.0 Description: The issue is related to Cross Site Scripting XSS via the add-task.php endpoint, specifically the task name parameter. This allows for potential malicious script injection. No...

CVE-2024-25219

A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php...

CVE-2024-25219

A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php...

Cross site scripting

A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php...

PT-2024-20829

Name of the Vulnerable Software and Affected Versions Task Manager App version 1.0 Description A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter in the "/TaskManager/Task.php" API endpoint...

CVE-2024-25219

A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php...