Weblate security vulnerability
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 contained a security vulnerability, which was caused by the Markdown renderer used in user comments and other user-generated content not properly cleaning certain...
CVE-2018-25249
CVE-2018-25249 concerns the MyBB My Arcade Plugin 1.3, which contains a persistent cross-site scripting (XSS) vulnerability in the arcade game score comments. The issue allows authenticated users to inject HTML/JavaScript payloads in the comment field, which execute when other users view or edit ...
EUVD-2015-6901
Malware in sbrugna...
EUVD-2021-0945
Malware in sbrugna...
EUVD-2018-11265
Malware in sbrugna...
EUVD-2018-6686
Malware in sbrugna...
EUVD-2005-2153
Malware in sbrugna...
EUVD-2023-1210
Malicious code in bioql PyPI...
EUVD-2024-19966
Malicious code in bioql PyPI...
EUVD-2025-18810
Malicious code in bioql PyPI...
CVE-2025-22828
CloudStack users can add and read comments (annotations) on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to suc...
CVE-2023-30959
In Apollo change requests, comments added by users could contain a javascript: URI link that, when rendered, results in an XSS that requires user interaction...
CVE-2020-23960
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allow remote attackers to perform unauthorized actions as administrator: (1) mass-approve user comments, (2) restore a deleted user, (3) install or run modules, (4) reset the...
HackerOne: Private draft report exposure in a program a user is added as a viewer to
A vulnerability was identified where adding a user as a program viewer caused them to be subscribed to draft reports within that program. This subscription resulted in the program viewer receiving notifications for every comment posted on a draft report. The vulnerability led to the exposure of...
A vulnerability in the JetBrains YouTrack project and task management software, related to authentication bypass by spoofing, allows a malicious user to create comments as an arbitrary user.
The vulnerability in the JetBrains YouTrack project and task management software is related to bypassing authentication by spoofing. Exploiting this vulnerability allows a malicious actor to create comments as an arbitrary user...
A vulnerability in the OTRS request processing (ticketing) system, related to deficiencies in the authentication process, allows an attacker to add additional files to the comments of any user.
The vulnerability in the OTRS request processing (ticketing) system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to add additional files to the comments of any user...
CVE-2024-22414
flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary JavaScript code. The HTML template user.html contains the following code snippet to render comments made by a user: `{{ comment[2]|safe }}`. Use of the `safe` filter...
CVE-2024-22414
CVE-2024-22414 affects the FlaskBlog app. The root cause is improper storage/rendering on the /user/ page due to using the template snippet {{comment[2]|safe}}, which disables HTML escaping via the safe filter. As a result, user comments can render arbitrary JavaScript, enabling XSS. A remediatio...
PT-2024-19405 · Flaskblog · Flaskblog
Name of the Vulnerable Software and Affected Versions: flaskBlog (affected versions not specified). Description: The issue is related to improper storage and rendering of user comments on the /user/ page, allowing arbitrary JavaScript code execution. This is due to the use of the `|safe` filter in the...
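The flaskBlog entries above (CVE-2024-22414 / PT-2024-19405) all come down to one line of template: `{{ comment[2]|safe }}` tells Jinja2 that the stored comment is trusted HTML, so autoescaping is skipped and whatever the user typed reaches the browser as markup. The following is an added example, not code from flaskBlog or from any of the listed advisories. It reproduces the two rendering paths in plain Python (raw concatenation standing in for `|safe`, `html.escape` standing in for Jinja2 autoescaping), feeds both a constructed set of comments containing typical XSS payloads, and then inspects the output with the standard-library HTML parser to show which path leaves a `<script>` element or an inline event handler live. The comment list, function names and the `find_active_content` heuristic are all assumptions made for this demonstration.

```python
import html
from html.parser import HTMLParser

# Constructed sample comments (not taken from flaskBlog or any advisory).
# The first is benign; the other two are the kind of payload a user could post.
SAMPLE_COMMENTS = [
    "Nice post!",
    "<script>alert(document.cookie)</script>",
    '<img src=x onerror="alert(1)">',
]


def render_user_page_vulnerable(comments):
    """Mirrors the effect of {{ comment[2]|safe }}: each comment body is
    concatenated into the page unescaped, so any markup in it is live."""
    items = "".join(f"<li>{c}</li>" for c in comments)
    return f"<ul>{items}</ul>"


def render_user_page_fixed(comments):
    """Mirrors the effect of dropping |safe under Jinja2 autoescaping: each
    comment is HTML-escaped at render time. quote=True also escapes quotes,
    so the text stays inert even if it ends up inside an attribute value."""
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)
    return f"<ul>{items}</ul>"


class _ActiveContentFinder(HTMLParser):
    """Records what the browser-side parser would treat as executable:
    <script> elements and any on* event-handler attribute. Demo heuristic
    for comparing the two renderers, not a production sanitizer."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script>")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}@{name}")


def find_active_content(rendered_html):
    """Parse rendered HTML and return a list of active-content findings.
    Escaped text (&lt;script&gt;) is seen by the parser as character data,
    not as a tag, so the fixed renderer should yield an empty list."""
    finder = _ActiveContentFinder()
    finder.feed(rendered_html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for label, render in (("|safe (vulnerable)", render_user_page_vulnerable),
                          ("autoescaped (fixed)", render_user_page_fixed)):
        page = render(SAMPLE_COMMENTS)
        print(f"{label}: {find_active_content(page) or 'no active content'}")
        print("  ", page)
```

The parser-based check is the part worth keeping in mind when reviewing a fix like this: grepping the output for `onerror=` would flag the escaped page too, because the attribute name itself survives escaping as literal text; only the angle brackets and quotes change, and that is exactly what stops the browser from treating it as markup. In the real template the remediation is the one-token change of removing `|safe` (or, if comments must carry limited HTML, passing them through an allow-list sanitizer before marking them safe).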