15 matches found
trends-widget Cross-Site Scripting Vulnerability
Trends-Widget is a plugin for MyBB developed by Zain Ali, an individual developer. Version 1.2 of Trends-Widget contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for thread titles, which may lead to cross-site scripting attacks...
EUVD-2019-0024
Malware in sbrugna...
EUVD-2023-40426
Malicious code in bioql PyPI...
CVE-2023-36466
Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passe...
CVE-2017-1002152
Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles...
CVE-2023-36466 Topic Title Validation Skipped When Changing Category in Discourse
Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passe...
CVE-2023-36466 Topic Title Validation Skipped When Changing Category in Discourse
Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passe...
Discourse 3.1.x < 3.1.0.beta6 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; if(descripti...
Discourse < 3.0.5 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; if(descripti...
Discourse Authorization Issue Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from an authorization issue vulnerability that stems from allowing attackers to bypass topic title validation. Affected products and versions:...
PT-2023-3566 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed version Description: The issue is related to insufficient input validation when processing topic titles, allowing a remote attacker to impact the integrity and availability ...
PYSEC-2019-150
Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles...
PT-2019-7859 · Fedora · Bodhi
Name of the Vulnerable Software and Affected Versions: Bodhi versions 2.9.0 and lower Description: The issue is related to cross-site scripting, which can result in code injection due to incorrect validation of bug titles. Recommendations: For Bodhi versions 2.9.0 and lower, update to a version...
CRLF injection
mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability...
CVE-2006-0712
The CVE-2006-0712 issue affects Squishdot before 1.5.0 and its mail_html template, where improper validation of the (1) email and (2) title variables enables remote attackers to inject SMTP headers (likely via CRLF) and bypass spam filters. The root cause is input validation gaps in the mail_html...