CVE-2021-4311 Talend Open Studio for MDM XML xml external entity reference
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended ...
CVE-2021-4309
CVE-2021-4309 affects 01-Scripts 01ACP. The root cause is manipulation of $_SERVER['SCRIPT_NAME'] enabling cross-site scripting. The vulnerability is described as remotely initiable with a patch identified as a16eb7da46ed22bc61067c212635394f2571d3c4; VDB-217649 is associated. Connected sources co...
CVE-2018-25072 lojban jbovlaste listing.html sql injection
A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The patch is named 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is...
CVE-2015-10028 ss15-this-is-sparta Main Page roomElement.js cross site scripting
A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is...
CVE-2020-36644 jamesmartin Inline SVG URL Parameter helpers.rb cross site scripting
A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inlinesvg/actionview/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to...
mren.com.tw Cross Site Scripting vulnerability OBB-3130768
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-10134 · Unknown · Elgs Gosqljson
Name of the Vulnerable Software and Affected Versions: elgs gosqljson, affected versions not specified. Description: A critical issue has been found in elgs gosqljson, affecting the functions QueryDbToArray/QueryDbToMap/ExecDb of the file gosqljson.go. The manipulation of the argument sqlStatement...
CVE-2014-125052 JervenBolleman sparql-identifiers RegistryDao.java sql injection
A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The patch is named 44bb0db91c064e305b192fc73521d1dfd25bde52...
PT-2023-10196 · Hpi Information Systems · Hpi-Information-Systems Prolod
Name of the Vulnerable Software and Affected Versions: HPI-Information-Systems ProLOD, affected versions not specified. Description: A critical issue has been found, affecting unknown code. The manipulation of the this argument leads to SQL injection. Recommendations: Apply the patch with the name...
CVE-2022-4869
CVE-2022-4869 affects Evolution Events Artaxerxes, specifically the POST Parameter Handler component in the file arta/common/middleware.py. The issue is described as the manipulation of the password argument that leads to information disclosure, with the attack noted as remote. The available conn...
CVE-2022-23548
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and...
CVE-2015-10011 OpenDNS OpenResolve endpoints.py neutralization for logs
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The identifier of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is...
web.burnettcounty.org Cross Site Scripting vulnerability OBB-3126911
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2014-125028
CVE-2014-125028 affects the valtech IDP Test Client, with the vulnerability stemming from unknown functionality in the file python-flask/main.py that enables cross-site request forgery (CSRF). The issue may be exploitable remotely, and a patch named f1e7b3d431c8681ec46445557125890c14fa295f is re...
CVE-2022-4735 asrashley dash-live DOM Node media.js ready cross site scripting
A vulnerability classified as problematic was found in asrashley dash-live. This vulnerability affects the function ready of the file static/js/media.js of the component DOM Node Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch i...
CVE-2022-4728 Graphite Web Cookie cross site scripting
A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2022-4729 Graphite Web Template Name cross site scripting
A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2022-4730 Graphite Web Absolute Time Range cross site scripting
A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
PT-2022-27933 · D Link · D-Link Dir-846
Name of the Vulnerable Software and Affected Versions: D-Link DIR-846 version A1 FW100A43. Description: A command injection issue was discovered via the auto upgrade hour parameter in the SetAutoUpgradeInfo function. This allows for potential exploitation. No information is provided about the...
CVE-2021-4263 leanote history.js define cross site scripting
A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The identifier of t...