6 matches found
EUVD-2026-36126
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.12, which can be exploited by an attacker to bypass XSS protection by changing the name of the phpmyfaq user...
usememos/memos Improper Access Control vulnerability
usememos/memos 0.9.0 and prior is vulnerable to full account takeover via changing user name, email address, and display name...
GHSA-6W5W-WX8W-2CQ9 usememos/memos Improper Access Control vulnerability
usememos/memos 0.9.0 and prior is vulnerable to full account takeover via changing user name, email address, and display name...
PYSEC-2014-78
Cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user na...
CVE-2014-3994
Cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user na...