EUVD-2020-25292

Malware in sbrugna...

PT-2023-7766 · Nagios · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the User macros function in Nagios XI, which has insufficient access control. This can be exploited by a remote attacker to read, modify, or delete data, or cause ...

CVE-2020-4027

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version...

Design/Logic Flaw

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version...

CVE-2020-4027

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version...

Velocity Template Injection in Custom user macros - Macros Platform - CVE-2020-4027

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. This issue was discovered and reported by GHSL team member...

Velocity Template Injection in Custom user macros - Macros Platform - CVE-2020-4027

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. This issue was discovered and reported by GHSL team member...

Confluence Server Script Injection Vulnerability

Atlassian Confluence Server is a suite of professional enterprise knowledge management and collaboration software from Atlassian Australia, which can also be used to build an enterprise WiKi. the software enables collaboration and knowledge sharing amongst team members. Confluence Server suffers...

Confluence Server vulnerable to script injection

Overview User Macros of Confluence Server provided by Atlassian Pty Ltd. contains a script injection vulnerability CWE-74. Kanta Nishitani of Information Science College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

JVN#37943805: Confluence Server vulnerable to script injection

User Macros of Confluence Server provided by Atlassian Pty Ltd. contains a script injection vulnerability CWE-74. Impact When the administrator embeds a malicious script into User Macros, the embedded script may be executed on the user's web browser. Solution Update the Software Update to the...

XSS in User Macros, Macro Title and Icon URL

h2. Summary System Administrator is allowed to input JS/CSS in Macro Title and Icon URL in Macro Editor. The script input in the fields can be executed when user open "Macro" selection window. h2. How to reproduce Go to "Edit User Macro" as Confluence Administrator. !Screen Shot 2018-06-14 at...

CVE-2017-18084

The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the description of a macro...

XSS in User Macros Description Field

We received external report about XSS in User Macros Field: quote The description field in User Macros is vulnerable to persistent XSS. The XSS will be executed when the user chooses the macro from the macro selector. quote Steps to reproduce: 1 Go to http://localhost:8090/admin/usermacros.action...

admin/dev/usermacros.jsp lacks an XSRF token to add and remove user macros from Confluence.

admin/dev/usermacros.jsp does not require a csrf token to add and remove user macros from Confluence. This could allow an attacker to introduce a malicious user macro with 'bad' html and or javascript into a confluence instance through a csrf attack on an admin user...

default config values restored

This should be for 2.9.1 - this version was not yet available under "affects versions" when filing this bug. After updating from 2.9 to 2.9.1, most of my settings were overwritten by their default values. - public signup got enabled - the language changed back to english instead of german - e-mai...

IBM Net.Commerce 2.03.x4.x - orderdspc.d2w order_rn Option SQL Injection

IBM Net.Commerce 2.03.x4.x - orderdspc.d2w orderrn Option SQL Injection source: https://www.securityfocus.com/bid/2350/info IBM's Net.Commerce ecommerce platform supports macros which, by default, do not properly validate requests in user-supplied input. A thoughtfully-formed request to a...