12 matches found
XWiki XML View - Sensitive Information Exposure
A vulnerability in XWiki's XML view functionality exposes sensitive information such as passwords and email addresses that are stored in custom fields not explicitly named as password or email. This information disclosure occurs when accessing user profiles with the xml.vm template. id:...
EUVD-2023-27035
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-4201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before...
CVE-2023-1836
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab that stems from vulnerability to...
PT-2023-17270 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 5.1 through 15.9.5; GitLab versions 15.10 through 15.10.4; GitLab versions 15.11 through 15.11.0. Description: A cross-site scripting issue has been discovered in GitLab. When viewing an XML file in a repository in "raw" mode, it...
CVE-2023-22933
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag...
CVE-2023-22933 Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag...
CVE-2023-22933
CVE-2023-22933 affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 expose a Cross-Site Scripting (XSS) vulnerability in an XML View via the layoutPanel attribute on the module tag. The issue arises in Splunk Web-enabled deployments and could allow client-side code execution. Re...
PT-2023-18776 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13; Splunk Enterprise versions prior to 8.2.10; Splunk Enterprise versions prior to 9.0.4. Description: The issue allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the...
CVE-2018-1000540
LoboEvolution version 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appears to be...