151 matches found
CVE-2024-54951
Monica 4.1.2 is vulnerable to Cross Site Scripting XSS. A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger the XSS...
Monica 安全漏洞
Monica is an AI assistant from Monica Inc. A security vulnerability exists in Monica version 4.1.2 that originates from a malicious user being able to create a contact that is formatted incorrectly and use it in the HOW YOU MET customization option to trigger cross-site scripting...
CVE-2024-54951
CVE-2024-54951 affects Monica 4.1.2 and enables Cross Site Scripting (XSS) by creating a malformed contact and using it in the How You Met customization field to trigger the payload. Connected sources consistently describe an XSS vector originating from the contact data used in the How You Met op...
PT-2025-6719 · Monica · Monica
Name of the Vulnerable Software and Affected Versions: Monica version 4.1.2 Description: The issue allows a malicious user to create a malformed contact and use it in the "HOW YOU MET" customization options to trigger Cross Site Scripting XSS. Recommendations: For Monica version 4.1.2, as a...
CVE-2020-5262
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
CVE-2024-54999
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the lastname parameter the General Information module...
PT-2025-3088 · Monicahq · Monicahq
Name of the Vulnerable Software and Affected Versions: MonicaHQ version 4.1.2 Description: The issue is related to an authenticated Client-Side Injection vulnerability in MonicaHQ. This vulnerability can be exploited via the Reason parameter at the "/people/h:id/debts/create" API endpoint...
MonicaHQ 安全漏洞
MonicaHQ is a relationship management system from MonicaHQ, Inc. A security vulnerability exists in MonicaHQ version v4.1.2 that stems from the Reason parameter containing authenticated client-side injection...
PHP-Textile has persistent XSS vulnerability in image link handling
Details Persistent XSS vulnerability in image link handling of PHP-Textile versions 4.1.2 and older, when running the parser in restricted mode. In restricted mode it is expected that the input would be sanitized, allowing user-input such as user comments to be parsed and handled safely by the...
OpenHarmony 资源管理错误漏洞
OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom OpenAtom Foundation. A resource management error vulnerability exists in OpenHarmony version v4.1.2 and earlier versions, which stems from memory reuse after release, resulting in a denial of service...
PYSEC-2024-124
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in django CMS Association django-cms allows Cross-Site Scripting XSS.This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...
django CMS 安全漏洞
django CMS is django CMS open source an open source enterprise content management system based on the django framework. A security vulnerability exists in django CMS versions 3.11.7, 3.11.8, 4.1.2, and 4.1.3, which stems from improper input neutralization during web page generation and is...
WordPress plugin Auto Featured Image (Auto Post Thumbnail) 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
PT-2024-38137 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found that affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection...
CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...
WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by István Márton in WordPress Plugin Generate PDF using Contact Form 7 versions = 4.1.2...
WordPress Generate PDF using Contact Form 7 Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Generate PDF using Contact Form 7 Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37555 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 2989195e2c48 Credits...
WordPress Generate PDF using Contact Form 7 Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Generate PDF using Contact Form 7 Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6317 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 8ce1a2d4086e Credits...
WordPress plugin Eazy Plugin Manager 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin.... An authorization...
WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin WpEvently versions = 4.1.2...