321 matches found
SQL Injection
moodle/moodle is vulnerable to SQL Injection attacks. The vulnerability exists in getsubwikipages function of external.php due to lack of sanitization of user inputs which allows an attacker to inject and execute arbitrary sql queries...
Cross-Site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in record.questions.php due to lack of sanitization of the user inputs of mail parameter which allows an attacker to inject and execute arbitrary javascript...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-site Scripting XSS. The vulnerability exists in getLinkContent of link.js due to improper sanitization of user inputs which allows an attacker to inject and execute arbitrary javascript...
Remote Code Execution (RCE)
appium-desktop is vulnerable to Remote Code Execution RCE. Lack of proper checking of supplied user inputs allows an attacker to upload and execute malicious code on the system when Appium Desktop's open ports are exposed to the wider internet...
Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting XSS. The library does not properly escape the user inputs through $editData parameter in configuration.php, before it output to the front end, allowing an attacker to inject and execute malicious javascript on victim's browser...
Cross-Site Scripting (XSS)
microweber/microweber is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of santization of user inputs in the admin settings, which allows an admin authenticated attacker to inject and execute arbitrary JavaScript into the system...
CVE-2023-24525
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper sanitization of user inputs in the originalUrl parameter which allows an attacker to inject and execute arbitrary JavaScript...
Cross-Site Scripting (XSS)
jsuites is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper sanitization of user inputs in the Editor function of jsuites.js, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-Site Scripting (XSS)
@builder.io/qwik is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper sanitization of user inputs in render-ssr.ts, which allows an attacker to inject and execute arbitrary JavaScript...
Path Traversal
github.com/uber/kraken is vulnerable to Path Traversal. The vulnerability exists because the downloadHandler parameter in the server.go does not properly sanitize the relative file paths and user inputs, allowing an attacker to write arbitrary files outside the expected directory...
Cross-Site Scripting (XSS)
@mattkrick/sanitize-svg is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper sanitization of user inputs in the deny-list-pattern which allows an attacker to inject and execute arbitrary JavaScript...
SQL Injection
webpa is vulnerable to sql injection. The vulnerability exists because the user provided inputs are not properly validated which allows an attacker to inject and execute malicious SQL queries...
Arbitrary Code Injection
akeneo/pim-community-dev is vulnerable to arbitrary code injection. The vulnerability exists in Location parameter in httpd.conf because of not properly validate user inputs which allows an attacker to inject and execute malicious code into the system...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service DoS attacks. An attacker is able to cause denial of service conditions due to improper validation of user Inputs, densefeatures and examplestatedata, resulting in a CHECK fail in SdcaOptimizer...
SQL Injection
matrix-appservice-irc is vulnerable to sql injection. The vulnerability exists in getRoomVisibility function in PgDataStore.ts because the user provided inputs are not properly validated which allows an attacker to inject and execute arbitrary SQL commands...
CVE-2022-42992
Multiple stored cross-site scripting XSS vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields...
Denial Of Service (DoS)
parse-server is vulnerable to denial of service. The vulnerability exists in multiple functions due to user inputs not properly validated which allows an attacker to send a file download request with an invalid byte range causing an application crash...
CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...
SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P10 / 4.3 < 4.3 SP2 P6 Multiple Vulnerabilities
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.2 SP9 P10, 4.3 SP2 P6 or 4.3 SP3. It is, therefore, affected by multiple vulnerabilities: - Under certain conditions an authenticated attacker can get access to OS credentials...