4 matches found

Positive Technologies
added 2024/11/21 12:0 a.m. · 5 views

PT-2024-35155

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2024.8.5. authentik version 2024.8.5 and 2024.10.3 are not affected, but all versions prior to 2024.8.5 are vulnerable. However, the correct interpretation is that versions prior to 2024.8.5 are affected. Corrected...

CVSS 9.8 · AI score 5.8 · EPSS 0.0106
Exploits: 0 · References: 11
Prion
added 2022/08/18 11:15 p.m. · 10 views

Design/Logic Flaw

lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the message_key value...

CVSS 7.5 · AI score 9.4 · EPSS 0.01035
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2021/10/26 12:0 a.m. · 5 views

PT-2021-23436 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.28 Description: The issue allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. Recommendations: For versions prior to 1.8.28, update to version 1.8....

CVSS 5.4 · AI score 5.2 · EPSS 0.00477
Exploits: 0 · References: 7
Hacker One
added 2020/09/28 2:21 p.m. · 18 views

Open-Xchange: XSS - Search - Unescaped contact job

The function responsible for formatting the contact's job company and position doesn't escape its value, which allows injecting arbitrary HTML content. javascript // master/ui/apps/io.ox/contacts/common-extensions.js // develop/ui/apps/io.ox/contacts/listview.js bright: function baton var text =...

AI score 0.6
Exploits: 0