26 matches found
Open Redirect
Overview oarepo-vocabularies is a Support for custom fields and hierarchy on Invenio vocabularies Affected versions of this package are vulnerable to Open Redirect. PoC via the createurlrules function in the ui/resources/vocabularytype/resource.py file. An attacker can redirect a victim user to a...
EUVD-2021-1342
Malware in sbrugna...
DRUPAL-CONTRIB-2023-001
This module enables users to create 'private' vocabularies. The module doesn't enforce permissions appropriately for the taxonomy overview page and overview form. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer own taxonomy" or "View...
Croogo vulnerable to XSS in title field
A stored-self XSS exists in Croogo allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...
GHSA-36PQ-CJH9-FV46 Croogo vulnerable to XSS in title field
A stored-self XSS exists in Croogo allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...
DRUPAL-CONTRIB-2022-014
This module enables users to create 'private' vocabularies. The module doesn't sufficiently check user access permissions when attempting to view, edit, or add terms to vocabularies, including vocabularies not managed by the module. Partial mitigation is available by requiring users have been...
CVE-2019-20789
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies...
Cross site scripting
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies...
CVE-2019-20789
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies...
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery Add Admin Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download Version: 3.0 CVE : 2019–14345...
TemaTres 3.0 Cross Site Request Forgery
Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery Add Admin Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download Version: 3.0 CVE : 2019–14345...
Croogo cross-site scripting vulnerability (CNVD-2019-03590)
Croogo is a content management system CMS based on the CakePHP framework development . The system provides content type can be customized for Blog, Node, Page, content editing using WYSIWYG editor and other features. A cross-site scripting vulnerability exists in Croogo 3.0.5 and earlier versions...
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...
Cross site scripting
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...
CVE-2019-7170
Affected software: Croogo CMS (versions up to 3.0.5). Vulnerability: Stored-self XSS in the article/title handling, exploitable via the vulnerable Title field submitted to /admin/taxonomy/vocabularies. Impact (as stated): Attacker can execute HTML/JavaScript in a victim’s browser. Root cause (as ...
bodc.ac.uk XSS vulnerability
Open Bug Bounty ID: OBB-543609 Description| Value ---|--- Affected Website:| bodc.ac.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
TemaTres 1.0.3 - Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...
tematres 1.0.3 (auth bypass/sql/xss) Multiple Vulnerabilities
No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! --...
TemaTres 1.0.3 (Auth Bypass/SQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ------------------...
TemaTres 1.0.3 - Authentication Bypass SQL Injection Cross-Site Scripting
TemaTres 1.0.3 - Authentication Bypass SQL Injection Cross-Site Scripting || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...