14 matches found
EUVD-2020-5601
Malware in sbrugna...
CVE-2020-13344
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis...
CVE-2025-47280
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
CVE-2024-35224
OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...
CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject
OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...
CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject
OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...
GitLab 8.11.0-rc6 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13332)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
123-x-ed-eied (>=1.0.5 <=1.0.6), 24social-ui (>=1.0.0 <=1.0.5) +4087 more potentially affected by CVE-2023-46298 via next (>=10.0.0 <=13.4.2)
next NPM version =10.0.0, =1.0.5, =1.0.0, =1.0.51, =0.0.23, =1.6.1, =0.3.0, =0.0.1, =0.0.1, =0.2.105, =0.2.50, =2.0.0, =2.3.1 and more Source cves: CVE-2023-46298 Source advisory: OSV:GHSA-C59H-R6P8-Q9WC...
XWiki LFI Vulnerability (GHSA-2jhm-qp48-hv5j)
XWiki is prone to a local file inclusion LFI vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
GitLab Resource Management Error Vulnerability (CNVD-2020-63397)
GitLab is a Ruby on Rails developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list , etc. Git is a free, open source distributed version control system. A security...
CVE-2020-13340
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log...
CVE-2020-13346
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...
Vulnerabilities fixed in GitLab
Several vulnerabilities have been fixed in GitLab. The vulnerabilities potentially allow a malicious person to launch attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Remote code execution User Rights Access to sensitive da...
PT-2020-13483 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10 GitLab versions prior to 13.3.7 GitLab versions prior to 13.4.2 Description: The issue is related to the lack of rate limiting when re-sending confirmation emails. Recommendations: For versions prior to 13.2.1...