7 matches found
EUVD-2022-33950
Malicious code in bioql PyPI...
EUVD-2022-1025
Malicious code in bioql PyPI...
CVE-2025-49585 XWiki does not require right warnings for XClass definitions
XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki requires edit right, and that same document is later edited by a user with script,...
GHSA-MVGM-3RW2-7J4R org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type
Impact When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed afte...
CVE-2015-5475
Multiple cross-site scripting XSS vulnerabilities in Request Tracker RT 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the 1 user and 2 group rights management pages...
CVE-2015-5475
Multiple cross-site scripting XSS vulnerabilities in Request Tracker RT 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the 1 user and 2 group rights management pages...
ntopng 1.2.0 - Cross-Site Scripting Injection
ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to...