321 matches found
Remote Code Execution
compositec1.core is vulnerable to remote code execution. Improper deserialization of untrusted user inputs in CompositeJsonSerializer.cs allows an authenticated attacker to upload and execute malicious code on the system under attack...
CVE-2022-32229
A information disclosure vulnerability exists in Rockert.Chat v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection...
Information disclosure
A information disclosure vulnerability exists in Rockert.Chat v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection...
CVE-2022-32229
A information disclosure vulnerability exists in Rockert.Chat v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection...
Cross-site Scripting (XSS)
github.com/drakkan/sftpgo is vulnerable to cross-site scriptingXSS attacks. The library does not properly escape the user inputs into several methods in WebClient component, allowing an attacker to inject and execute malicious javascript...
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
Impact The tags document Main.Tags in XWiki didn't sanitize user inputs properly, allowing users with view rights on the document default in a public wiki or for authenticated users on private wikis to execute arbitrary Groovy, Python and Velocity code with programming rights. This allows bypassi...
Design/Logic Flaw
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...
CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...
CVE-2021-3914
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
Cross-Site Scripting (XSS)
exceedone/exment and exceedone/laravel-admin are vulnerable to cross-site scripting. The vulnerability exists because the user inputs are not properly escaped in multiple functions which allows an attacker to inject and execute arbitrary java and SQL scripts...
Design/Logic Flaw
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...
Path Traversal
CureKit is vulnerable to path traversal. The vulnerability exists in isFileOutsideDir function in FileSecurityUtils.java because it doesn't properly sanitize the user inputs which allows an attacker to gain access to the files in the system...
Cross-site Scripting (XSS)
contao/core-bundle is vulnerable to cross-site scriptingXSS attacks. The library does not properly sanitize the user inputs through the canonical tag, allowing an attacker to inject and execute malicious javascript...
SAP BusinessObjects Business Intelligence Platform Stored XSS (3150845)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by a stored cross-site scripting XSS vulnerability. An unauthenticated attacker can exploit this to access certain reports causing an limited impact on the confidentiality of the...
CVE-2022-26105
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...
Denial Of Service (DoS)
podman is vulnerable to denial of service. The vulnerability exists due to lack of sanitization of user inputs allowing an attacker to crash the system...
Cross-site Scripting (XSS)
weblate is vulnerable to cross-site scripting. An attacker is able to inject malicious script via user name and language parameters because user inputs were not escaped...
Cross-site Scripting (XSS)
ptrofimov/beanstalkconsole is vulnerable to cross-site scripting. The vulnerability exists in include.php due to improper sanitizing of user inputs which allows an attacker to insert and execute arbitrary Javascript...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to cross-site scripting XSS attacks. The library does not properly escape user inputs in thumbnailTreeAction and videoThumbnailTreeAction functions in SettingsController.php, allowing a malicious user to inject and execute arbitrary javascript...
Cross-site Scripting (XSS)
netgen/tagsbundle is vulnerable to cross-site scripting XSS attacks. Tags Admin interface does not properly escape user inputs, allowing a malicious user to bypass the filters to inject and execute arbitrary javascript...