4 matches found
CVE-2021-40922
CVE-2021-40922 is a cross-site scripting (XSS) vulnerability affecting the open source defect-tracking system Bugs/Tinyissue in versions 1.8 and earlier, exploitable via the last_name parameter in install/index.php . The root cause is improper input handling in that endpoint, enabling remote atta...
CVE-2021-40923
The CVE-2021-40923 entry describes a Cross-site Scripting (XSS) vulnerability in the Bugs open-source defect tracking system, specifically install/index.php for Bugs 1.8 and earlier. The issue arises from the email parameter, allowing remote attackers to inject arbitrary web script or HTML. Conne...
CVE-2021-40924
CVE-2021-40924 documents a cross-site scripting (XSS) vulnerability in the Bugs/Tinyissue project. The issue affects install/index.php for bugs versions 1.8 and earlier, where the first_name parameter can be abused to inject arbitrary web script or HTML. The connected sources consistently describ...
CVE-2019-9002
The CVE-2019-9002 entry describes a code execution vulnerability in Tiny Issue 1.3.1 and pixeline Bugs up to 1.3.2c. The install/config-setup.php file permits remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains in the original directory after in...