Lucene search
K

151 matches found

NVD
NVD
added 2025/02/13 11:15 p.m.11 views

CVE-2024-54951

Monica 4.1.2 is vulnerable to Cross Site Scripting XSS. A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger the XSS...

5.4CVSS0.00465EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.3 views

Monica 安全漏洞

Monica is an AI assistant from Monica Inc. A security vulnerability exists in Monica version 4.1.2 that originates from a malicious user being able to create a contact that is formatted incorrectly and use it in the HOW YOU MET customization option to trigger cross-site scripting...

5.4CVSS6.2AI score0.00465EPSS
Exploits2References2
CVE
CVE
added 2025/02/13 12:0 a.m.56 views

CVE-2024-54951

CVE-2024-54951 affects Monica 4.1.2 and enables Cross Site Scripting (XSS) by creating a malformed contact and using it in the How You Met customization field to trigger the payload. Connected sources consistently describe an XSS vector originating from the contact data used in the How You Met op...

5.4CVSS6.5AI score0.00465EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/13 12:0 a.m.6 views

PT-2025-6719 · Monica · Monica

Name of the Vulnerable Software and Affected Versions: Monica version 4.1.2 Description: The issue allows a malicious user to create a malformed contact and use it in the "HOW YOU MET" customization options to trigger Cross Site Scripting XSS. Recommendations: For Monica version 4.1.2, as a...

5.4CVSS6.6AI score0.00465EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2025/02/05 3:43 p.m.8 views

CVE-2020-5262

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

7.7CVSS6.6AI score0.00538EPSS
Exploits1
NVD
NVD
added 2025/01/13 5:15 p.m.12 views

CVE-2024-54999

MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the lastname parameter the General Information module...

6.5CVSS0.00388EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/10 12:0 a.m.5 views

PT-2025-3088 · Monicahq · Monicahq

Name of the Vulnerable Software and Affected Versions: MonicaHQ version 4.1.2 Description: The issue is related to an authenticated Client-Side Injection vulnerability in MonicaHQ. This vulnerability can be exploited via the Reason parameter at the "/people/h:id/debts/create" API endpoint...

5.4CVSS6.2AI score0.00356EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/01/10 12:0 a.m.5 views

MonicaHQ 安全漏洞

MonicaHQ is a relationship management system from MonicaHQ, Inc. A security vulnerability exists in MonicaHQ version v4.1.2 that stems from the Reason parameter containing authenticated client-side injection...

5.4CVSS6.6AI score0.00356EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/01/07 5:11 p.m.14 views

PHP-Textile has persistent XSS vulnerability in image link handling

Details Persistent XSS vulnerability in image link handling of PHP-Textile versions 4.1.2 and older, when running the parser in restricted mode. In restricted mode it is expected that the input would be sanitized, allowing user-input such as user comments to be parsed and handled safely by the...

6.1AI score
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.4 views

OpenHarmony 资源管理错误漏洞

OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom OpenAtom Foundation. A resource management error vulnerability exists in OpenHarmony version v4.1.2 and earlier versions, which stems from memory reuse after release, resulting in a denial of service...

5.5CVSS6.6AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 2024/11/18 12:15 p.m.4 views

PYSEC-2024-124

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in django CMS Association django-cms allows Cross-Site Scripting XSS.This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3...

4.8CVSS5.9AI score0.00493EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.4 views

django CMS 安全漏洞

django CMS is django CMS open source an open source enterprise content management system based on the django framework. A security vulnerability exists in django CMS versions 3.11.7, 3.11.8, 4.1.2, and 4.1.3, which stems from improper input neutralization during web page generation and is...

4.8CVSS5.9AI score0.00493EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.2 views

WordPress plugin Auto Featured Image (Auto Post Thumbnail) 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

4.3CVSS6.5AI score0.00362EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.5 views

PT-2024-38137 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found that affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection...

8.8CVSS7AI score0.03086EPSS
Exploits1References8
Cvelist
Cvelist
added 2024/07/09 12:50 p.m.38 views

CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

8.2CVSS0.0036EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/07/09 7:10 a.m.3 views

WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by István Márton in WordPress Plugin Generate PDF using Contact Form 7 versions = 4.1.2...

8.8CVSS7AI score0.00605EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.17 views

WordPress Generate PDF using Contact Form 7 Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Generate PDF using Contact Form 7 Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37555 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 2989195e2c48 Credits...

9.8CVSS6.7AI score0.006EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.19 views

WordPress Generate PDF using Contact Form 7 Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Generate PDF using Contact Form 7 Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6317 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 8ce1a2d4086e Credits...

8.8CVSS6.7AI score0.00605EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.2 views

WordPress plugin Eazy Plugin Manager 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin.... An authorization...

9.9CVSS8.9AI score0.00655EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/11 11:27 a.m.1 views

WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin WpEvently versions = 4.1.2...

7AI score0.001EPSS
Exploits0Affected Software1
Rows per page
Query Builder