Lucene search
K

5 matches found

OSV
OSV
added 6 days ago3 views

GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download

Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...

3.7CVSS5.8AI score0.00028EPSS
Exploits0References2
Prion
Prion
added 2022/09/29 3:15 a.m.22 views

Design/Logic Flaw

Insufficient capability checks made it possible for teachers to download users outside of their courses...

4CVSS4.6AI score0.00626EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2022/09/29 3:15 a.m.32 views

CVE-2021-40692

Insufficient capability checks made it possible for teachers to download users outside of their courses...

4.3CVSS5.9AI score0.00626EPSS
Exploits0References1
CVE
CVE
added 2022/01/21 6:17 p.m.68 views

CVE-2021-40692

CVE-2021-40692 (Moodle) is described in connected sources as an insufficient capability check that allows teachers to download users outside of their courses. The OSV/NVD entries confirm the vulnerability is an access-control flaw enabling cross‑course user data access. Exploitation details or pa...

4.3CVSS4.6AI score0.00626EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/11/13 12:0 a.m.4 views

Microsoft Visual Studio Elevation of Privilege Vulnerability (CNVD-2020-20382)

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio that stems from the...

6.5CVSS6.8AI score0.03116EPSS
Exploits0References1
Rows per page
Query Builder