234 matches found

CNNVD
added 2026/05/28 12:0 a.m. | 5 views

Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability

TinyMCE is a rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained cross-site scripting vulnerabilities. These vulnerabilities stemmed from unsanitized data-mce- attributes, which could lead to stored XSS attacks...

CVSS 8.7 | AI score 5.7 | EPSS 0.00032
Exploits: 0 | References: 3

CNNVD
added 2026/05/21 12:0 a.m. | 4 views

tickets Cross-Site Scripting Vulnerability

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to sanitize the frmaddstr POST parameter in ics205a.php, allowing for th...

CVSS 5.4 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 1

CNNVD
added 2026/05/20 12:0 a.m. | 4 views

PhoenixStorybook Code Injection Vulnerability

PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.5.0 to 1.1.0 had a code injection vulnerability. This vulnerability stemmed from unsanitized attribute value interpolation, which led to code...

CVSS 9.5 | AI score 6 | EPSS 0.00406
Exploits: 0 | References: 2

CNNVD
added 2026/05/18 12:0 a.m. | 5 views

BigBlueButton Cross-Site Scripting Vulnerability

BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.19 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to sanitize user input in public chat areas during recording and...

CVSS 6.5 | AI score 5.6 | EPSS 0.00036
Exploits: 0 | References: 1

CNNVD
added 2026/05/18 12:0 a.m. | 5 views

Dokploy OS Command Injection Vulnerability

Dokploy is open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contained an operating system command injection vulnerability. This vulnerability stemmed from insufficient sanitization of the appName parameter input, lack of pattern validation, and dire...

CVSS 9.9 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 1

CNNVD
added 2026/05/11 12:0 a.m. | 4 views

WWBN AVideo Cross-Site Scripting Vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain cross-site scripting vulnerabilities. This vulnerability arises from the lack of HTML sanitization of user input in objects/notifySubscribers.json.php, which...

CVSS 6.4 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 2

CNNVD
added 2026/05/11 12:0 a.m. | 4 views

Cockpit OS Command Injection Vulnerability

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Cockpit has an operating system command injection vulnerability. This vulnerability stems from the lack of sanitization of user-controlled parameters in the system log user interface. This allows remote...

CVSS 8 | AI score 7.3 | EPSS 0.00275
Exploits: 0 | References: 1

CNNVD
added 2026/05/08 12:0 a.m. | 5 views

Mapserver Security Vulnerability

Mapserver is an open-source platform developed by the Open Geospatial Foundation, designed for publishing spatial data and interactive map applications to the web. Vulnerabilities existed in MapServer versions from 6.0 to 8.6.2. These vulnerabilities stemmed from the combination of the...

CVSS 6.1 | AI score 5.7 | EPSS 0.00016
Exploits: 1 | References: 1

CNNVD
added 2026/05/07 12:0 a.m. | 5 views

Google Go Security Vulnerability

Google Go is a statically and strongly typed, compiled, concurrent programming language with garbage collection, from the American company Google. There is a security vulnerability in Google Go, which stems from the lack of sanitization of output file names. When extracting malicious archive files, t...

CVSS 5.9 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 1

CNNVD
added 2026/04/28 12:0 a.m. | 5 views

School Management System Security Vulnerability

School Management System is a school management system developed by ManiKandan G, based on PHP and MySQL. There is a security vulnerability in School Management System, which stems from the unsanitized type parameter in the register.php file. This vulnerability could allow unauthorized remote...

CVSS 6.1 | AI score 6.1 | EPSS 0.00016
Exploits: 1 | References: 2

CNNVD
added 2026/04/20 12:0 a.m. | 4 views

Progress LoadMaster Security Vulnerability

Progress LoadMaster is a high-performance application delivery controller (ADC) and load balancer developed by the American company Progress. There is a security vulnerability in Progress LoadMaster, which stems from unsanitized input for the killsession command. This vulnerability could allow...

CVSS 8.4 | AI score 7.6 | EPSS 0.00201
Exploits: 0 | References: 2

CNNVD
added 2026/04/10 12:0 a.m. | 6 views

SourceCodester Engineers Online Portal Security Vulnerability

SourceCodester Engineers Online Portal is an online portal for engineers, developed by SourceCodester as open source. Version 1.0 of the SourceCodester Engineers Online Portal contains a security vulnerability. This vulnerability stems from the newpassword parameter in the updatepassword.php file...

CVSS 9.8 | AI score 5.8 | EPSS 0.0005
Exploits: 1 | References: 2

CNNVD
added 2026/04/08 12:0 a.m. | 4 views

Tophat OS Command Injection Vulnerability

Tophat is a test tool open sourced by Shopify. Versions of Tophat prior to 2.5.1 contained an operating system command injection vulnerability. This vulnerability stemmed from unsanitized parameters, which could lead to remote code execution...

CVSS 8.8 | AI score 6.2 | EPSS 0.00347
Exploits: 0 | References: 2

CNNVD
added 2026/04/07 12:0 a.m. | 3 views

ChurchCRM Security Vulnerability

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from unsanitized or improperly encoded dashboard search parameters, which could lead to cross-site scripting attacks...

CVSS 8.6 | AI score 5.6 | EPSS 0.00054
Exploits: 1 | References: 1

CNNVD
added 2026/04/07 12:0 a.m. | 2 views

xyOps Cross-Site Scripting Vulnerability

xyOps is a multi-server task scheduling and execution platform developed by Joseph Huckaby. Versions of xyOps prior to 0.9.111 contained a cross-site scripting vulnerability. This vulnerability stemmed from servers failing to sanitize the data stored in the job output fields, allowing...

CVSS 6.1 | AI score 5.9 | EPSS 0.00035
Exploits: 1 | References: 2

CNNVD
added 2026/04/06 12:0 a.m. | 2 views

KubeAI OS Command Injection Vulnerability

KubeAI is an open-source AI inference platform for deploying and scaling machine learning models on Kubernetes. Versions of KubeAI prior to 0.23.2 contained an operating system command injection vulnerability. This vulnerability stemmed from the use of unsanitized model URL components by...

CVSS 8.8 | AI score 6.1 | EPSS 0.00016
Exploits: 3 | References: 2

CNNVD
added 2026/04/02 12:0 a.m. | 2 views

Kiro IDE Security Vulnerability

Kiro IDE is an integrated development environment developed by Kiro as open source. Versions of Kiro IDE prior to 0.8.140 contained security vulnerabilities. These vulnerabilities stemmed from unsanitized inputs during the webview generation in the Kiro Agent, which could allow remote, unverified...

CVSS 7.8 | AI score 6.2 | EPSS 0.00027
Exploits: 0 | References: 2

CNNVD
added 2026/03/31 12:0 a.m. | 4 views

InvoiceShelf Code Issue Vulnerability

InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from unsanitized HTML provided by users in the invoice PDF generation module, which could lead to...

CVSS 8.7 | AI score 5.9 | EPSS 0.0005
Exploits: 1 | References: 3

CNNVD
added 2026/03/31 12:0 a.m. | 3 views

Parse Server Security Vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.63 and 9.7.0-alpha.7. These vulnerabilities stemmed from the fact that the password...

CVSS 8.2 | AI score 5.8 | EPSS 0.00073
Exploits: 0 | References: 6

CNNVD
added 2026/03/30 12:0 a.m. | 2 views

SourceCodester Sales and Inventory System Security Vulnerability

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a security vulnerability. This vulnerability stems from improper sanitization of the parameter limit...

CVSS 6.1 | AI score 5.6 | EPSS 0.00057
Exploits: 1 | References: 2