34 matches found
EUVD-2020-21817
Malware in sbrugna...
EUVD-2023-26139
Malicious code in bioql PyPI...
CVE-2023-21974
Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network...
Code injection
Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2023-21974
The CVE-2023-21974 entry maps to Oracle Application Express Team Calendar Plugin (versions 18.2–22.1). The vulnerability stems from insufficient input validation in the plugin’s User Account component, allowing a low-privileged attacker with network access via HTTP to compromise the plugin, with ...
Oracle Application Express Security Vulnerability
Oracle Application Express is a low-code development platform from Oracle Corporation. A security vulnerability exists in the Application Express Team Calendar Plugin product for Oracle Application Express, which arises from a vulnerability in the User Account module that allows a low-privileged...
PT-2023-3698 · Oracle · Oracle Application Express Team Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Oracle Application Express Team Calendar Plugin versions 18.2 through 22.1 Description: The issue is related to insufficient input validation in the Application Express Team Calendar Plugin component of Oracle Application Express. This easily...
Atlassian Confluence < 7.11.0 SSRF (CONFSERVER-61453)
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.11.0. It is, therefore, affected by a server-side request forgery (SSRF) vulnerability in its Team Calendar REST API component. An authenticated, remote attacker can exploit...
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters...
Cross site scripting
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters...
CVE-2020-29444
CVE-2020-29444 affects Atlassian Confluence Server: Team Calendar component is vulnerable to a Cross-Site Scripting (XSS) attack via admin global setting parameters in versions before 7.11.0. The root cause is a failure to properly sanitize inputs in the admin settings, allowing injection of arbi...
Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444
Affected versions of Team Calendar in Confluence Server allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting vulnerability in admin global setting parameters. Affected versions: 7.11.0. Fixed version: 7.11.0. This vulnerability is attributed to Stefano...
The team calendar event notification should not contain Confluence version number
Issue Summary: The team calendar notification template shows the Confluence version number in the footer, which might be a security vulnerability for some customers. Steps to Reproduce: Create an event on the Confluence team calendar and wait for the reminder email to be sent. Expected...
Non Calendar Creator can see the Username and Password Fields to a Calendar subscribed from URL
Summary: Non Calendar Creator can see the Username and Password Fields to a Calendar subscribed from URL. Environment: Confluence 6.7.2, Team Calendar 6.0.17. Steps to Reproduce: Login as UserA (Calendar Creator). Create a new Calendar with the Subscribe by URL option. Subscribe to any external...
Missing authorization check in Team Calendar addon
We received an external report about a missing authorization check in the Team Calendar addon. Quote: I found a broken authentication in Confluence Team calendar. A restricted team calendar that only related to a certain restricted space and can only be viewed by the creator himself show up in his profile...