Lucene search
+L

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3374

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.01927EPSS
Exploits1References9
OSV
OSV
added 2022/05/17 4:55 a.m.30 views

GHSA-9GGP-5RF4-X7Q9 Fat Free CRM vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in app/controllers/homecontroller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via 1 the homepage timeline feature or 2 the activity feature...

6.5CVSS8AI score0.01927EPSS
Exploits1References8
NVD
NVD
added 2019/08/21 7:15 p.m.20 views

CVE-2019-15074

The Timeline feature in myviewpage.php in MantisBT through 2.21.1 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...

9.6CVSS8.7AI score0.02067EPSS
Exploits1References2
OSV
OSV
added 2019/08/21 7:15 p.m.14 views

CVE-2019-15074

The Timeline feature in myviewpage.php in MantisBT through 2.21.1 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...

9.6CVSS6.5AI score
Exploits0References2
CVE
CVE
added 2019/08/21 6:23 p.m.50 views

CVE-2019-15074

CVE-2019-15074 describes a stored XSS in MantisBT (Timeline feature in my_view_page.php) affecting versions up to 2.21.1. The vulnerability occurs when an attacker uploads an attachment with a crafted filename; the injected script is executed for any user who can view the issue when My View Page ...

9.6CVSS8.6AI score0.02067EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/08/21 6:23 p.m.26 views

CVE-2019-15074

The Timeline feature in myviewpage.php in MantisBT through 2.21.1 has a stored cross-site scripting XSS vulnerability, allowing execution of arbitrary code if CSP settings permit it after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the...

8.8AI score0.02067EPSS
Exploits1References2
Microsoft KB
Microsoft KB
added 2019/02/20 8:0 a.m.27 views

February 19, 2019—KB4487029 (OS Build 17134.619)

None None...

6.1AI score
Exploits0
NVD
NVD
added 2014/01/02 2:59 p.m.18 views

CVE-2013-7225

Multiple SQL injection vulnerabilities in app/controllers/homecontroller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via 1 the homepage timeline feature or 2 the activity feature...

6.5CVSS8.1AI score0.01927EPSS
Exploits1References7
Cvelist
Cvelist
added 2014/01/02 11:0 a.m.26 views

CVE-2013-7225

Multiple SQL injection vulnerabilities in app/controllers/homecontroller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via 1 the homepage timeline feature or 2 the activity feature...

8.1AI score0.01927EPSS
Exploits1References7
Rows per page
Query Builder