
26 matches found

Snyk
added 2025/11/01 6:40 a.m., 2 views

Open Redirect

Overview: oarepo-vocabularies is a package providing support for custom fields and hierarchy on Invenio vocabularies. Affected versions of this package are vulnerable to Open Redirect. PoC via the createurlrules function in the ui/resources/vocabularytype/resource.py file. An attacker can redirect a victim user to a...

CVSS 9.3, AI score 6.9
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2021-1342

Malware in sbrugna...

CVSS 4.8, AI score 5, EPSS 0.00733
Exploits 1, References 4
OSV
added 2023/01/11 5:15 p.m., 2 views

DRUPAL-CONTRIB-2023-001

This module enables users to create 'private' vocabularies. The module doesn't enforce permissions appropriately for the taxonomy overview page and overview form. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer own taxonomy" or "View...

AI score 6.7
Exploits 0, References 1
Github Security Blog
added 2022/05/14 1:38 a.m., 19 views

Croogo vulnerable to XSS in title field

A stored-self XSS exists in Croogo allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...

CVSS 4.8, AI score 6.4, EPSS 0.0061
Exploits 1, References 4, Affected Software 1
OSV
added 2022/05/14 1:38 a.m., 15 views

GHSA-36PQ-CJH9-FV46 Croogo vulnerable to XSS in title field

A stored-self XSS exists in Croogo allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...

CVSS 4.8, AI score 4.9, EPSS 0.0061
Exploits 1, References 3
OSV
added 2022/01/26 5:18 p.m., 2 views

DRUPAL-CONTRIB-2022-014

This module enables users to create 'private' vocabularies. The module doesn't sufficiently check user access permissions when attempting to view, edit, or add terms to vocabularies, including vocabularies not managed by the module. Partial mitigation is available by requiring users have been...

AI score 6.8
Exploits 0, References 1
OSV
added 2020/04/26 5:15 p.m., 12 views

CVE-2019-20789

Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies...

CVSS 4.8, AI score 5.7
Exploits 0, References 2
Prion
added 2020/04/26 5:15 p.m., 13 views

Cross site scripting

Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies...

CVSS 3.5, AI score 4.7, EPSS 0.00733
Exploits 1, References 2, Affected Software 1
Cvelist
added 2020/04/26 4:6 p.m., 39 views

CVE-2019-20789

Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies...

AI score 4.8, EPSS 0.00733
Exploits 1, References 2
Exploit DB
added 2019/11/18 12:0 a.m., 306 views

TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)

Exploit Title: TemaTres 3.0 - Cross-Site Request Forgery Add Admin
Author: Pablo Santiago
Date: 2019-11-14
Vendor Homepage: https://www.vocabularyserver.com/
Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download
Version: 3.0
CVE: 2019-14345...

CVSS 9.8, AI score 9.8, EPSS 0.02022
Exploits 4
Packet Storm
added 2019/11/18 12:0 a.m., 119 views

TemaTres 3.0 Cross Site Request Forgery

Exploit Title: TemaTres 3.0 - Cross-Site Request Forgery Add Admin
Author: Pablo Santiago
Date: 2019-11-14
Vendor Homepage: https://www.vocabularyserver.com/
Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download
Version: 3.0
CVE: 2019-14345...

AI score 0.2, EPSS 0.02022
Exploits 4
CNVD
added 2019/01/30 12:0 a.m., 2 views

Croogo cross-site scripting vulnerability (CNVD-2019-03590)

Croogo is a content management system (CMS) built on the CakePHP framework. It provides customizable content types (Blog, Node, Page), content editing with a WYSIWYG editor, and other features. A cross-site scripting vulnerability exists in Croogo 3.0.5 and earlier versions...

CVSS 4.8, AI score 6.3, EPSS 0.0061
Exploits 1, References 1
NVD
added 2019/01/29 6:29 p.m., 24 views

CVE-2019-7170

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...

CVSS 4.8, AI score 5, EPSS 0.0061
Exploits 1, References 1
Prion
added 2019/01/29 6:29 p.m., 13 views

Cross site scripting

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...

CVSS 3.5, AI score 4.9, EPSS 0.0061
Exploits 1, References 1, Affected Software 1
CVE
added 2019/01/29 6:0 p.m., 37 views

CVE-2019-7170

Affected software: Croogo CMS (versions up to 3.0.5). Vulnerability: Stored-self XSS in the article/title handling, exploitable via the vulnerable Title field submitted to /admin/taxonomy/vocabularies. Impact (as stated): Attacker can execute HTML/JavaScript in a victim’s browser. Root cause (as ...

CVSS 4.8, AI score 4.9, EPSS 0.0061
Exploits 1, References 1, Affected Software 1
Openbugbounty
added 2018/01/24 7:27 p.m., 12 views

bodc.ac.uk XSS vulnerability

Open Bug Bounty ID: OBB-543609

Description | Value
---|---
Affected Website: | bodc.ac.uk
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score 6.3
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 35 views

TemaTres 1.0.3 - Remote Blind SQL Injection Exploit

No description provided by source.

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 21 views

tematres 1.0.3 (auth bypass/sql/xss) Multiple Vulnerabilities

No description provided by source.

AI score 7.1
Exploits 0
seebug.org
added 2009/05/06 12:0 a.m., 27 views

TemaTres 1.0.3 (Auth Bypass/SQL/XSS) Multiple Remote Vulnerabilities

No description provided by source.

AI score 7.1
Exploits 0
exploitpack
added 2009/05/05 12:0 a.m., 29 views

TemaTres 1.0.3 - Authentication Bypass SQL Injection Cross-Site Scripting

AI score 1
Exploits 0