5 matches found
GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download
Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...
Design/Logic Flaw
Insufficient capability checks made it possible for teachers to download users outside of their courses...
CVE-2021-40692
Insufficient capability checks made it possible for teachers to download users outside of their courses...
CVE-2021-40692
CVE-2021-40692 (Moodle) is described in connected sources as an insufficient capability check that allows teachers to download users outside of their courses. The OSV/NVD entries confirm the vulnerability is an access-control flaw enabling cross‑course user data access. Exploitation details or pa...
Microsoft Visual Studio Elevation of Privilege Vulnerability (CNVD-2020-20382)
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio that stems from the...