9 matches found
EUVD-2022-3374
Malicious code in bioql PyPI...
GHSA-9GGP-5RF4-X7Q9 Fat Free CRM vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in app/controllers/homecontroller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via 1 the homepage timeline feature or 2 the activity feature...
CVE-2019-15074
The Timeline feature in myviewpage.php in MantisBT through 2.21.1 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...
CVE-2019-15074
The Timeline feature in myviewpage.php in MantisBT through 2.21.1 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...
CVE-2019-15074
The Timeline feature in myviewpage.php in MantisBT through 2.21.1 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...
CVE-2019-15074
CVE-2019-15074 describes a stored XSS in MantisBT (Timeline feature in my_view_page.php) affecting versions up to 2.21.1. The vulnerability occurs when an attacker uploads an attachment with a crafted filename; the injected script is executed for any user who can view the issue when My View Page ...
February 19, 2019—KB4487029 (OS Build 17134.619)
None None...
CVE-2013-7225
Multiple SQL injection vulnerabilities in app/controllers/homecontroller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via 1 the homepage timeline feature or 2 the activity feature...
CVE-2013-7225
Multiple SQL injection vulnerabilities in app/controllers/homecontroller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via 1 the homepage timeline feature or 2 the activity feature...