Disclosed Vulnerabilities

Checkmarx Zero is working on making the world a safer place by finding, disclosing, and helping to fix open-source vulnerabilities. Below are the vulnerabilities we’ve disclosed in our role as a CNA (CVE Numbering Authority) via the MITRE CVE process.

Our CVE disclosures

cx_zero_vulnerabilities_hero_visual2

Publication date

CVE ID

Name

CVE Score

Vulnerability page

Sort by:

Publication date

Publication date

Publication date

CVE ID

CVE ID

CVE Score

CVE Score

Date

2025-11-27

CVE ID

CVE-2025-3261

Name

Stored Cross-Site Scripting (XSS) in ThingsBoard

CVE SCORE

Page

Summary

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the “Image Gallery”, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user’s browser. This vulnerability can lead to the execution of malicious code in the context of other users’ sessions, potentially compromising their accounts and allowing unauthorized actions.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored Cross-Site Scripting (XSS) in ThingsBoard

SUMMARY

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the “Image Gallery”, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user’s browser. This vulnerability can lead to the execution of malicious code in the context of other users’ sessions, potentially compromising their accounts and allowing unauthorized actions.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Date

2025-06-17

CVE ID

CVE-2025-6050

Name

Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface

CVE SCORE

Page

Summary

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface

SUMMARY

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

2025-01-17

CVE ID

CVE-2025-0825

Name

HTTP Response Splitting in cpp-httplib

CVE SCORE

Page

Summary

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters (" ") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

HTTP Response Splitting in cpp-httplib

SUMMARY

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters (" ") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Date

2024-12-12

CVE ID

CVE-2024-8374

Name

Code Injection in UltiMaker Cura

CVE SCORE

Page

Summary

A Code Injection vulnerability in the file ThreeMFReader.py allows attackers to distribute malicious models which will trigger code injection vulnerabilities. This issue affects UltiMaker Cura: from v5.7.0-beta.1 through v5.8.0-beta.1

Properties

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Code Injection in UltiMaker Cura

SUMMARY

A Code Injection vulnerability in the file ThreeMFReader.py allows attackers to distribute malicious models which will trigger code injection vulnerabilities. This issue affects UltiMaker Cura: from v5.7.0-beta.1 through v5.8.0-beta.1

PROPERTIES

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

2024-11-14

CVE ID

CVE-2024-49759

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Manage User Access

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the Manage User Access page allows authenticated users to inject arbitrary JavaScript through the bill_name parameter when creating a new bill. The injected script executes in the Bill Access dropdown on the Manage Access page.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Manage User Access

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the Manage User Access page allows authenticated users to inject arbitrary JavaScript through the bill_name parameter when creating a new bill. The injected script executes in the Bill Access dropdown on the Manage Access page.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

2024-11-14

CVE ID

CVE-2024-49764

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Capture Debug Information

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the “Capture Debug Information” page allows authenticated users to inject arbitrary JavaScript through the `hostname` parameter when creating a new device. The injected script executes when the Capture Debug Information page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Capture Debug Information

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the “Capture Debug Information” page allows authenticated users to inject arbitrary JavaScript through the `hostname` parameter when creating a new device. The injected script executes when the Capture Debug Information page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

2024-11-14

CVE ID

CVE-2024-50350

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Port Settings Port Group

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the Port Settings page allows authenticated users to inject arbitrary JavaScript through the `name` parameter when creating a new Port Group. This payload executes when the Port Settings page is visited after the Port Group is added to a device, compromising user sessions and enabling unauthorized actions.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Port Settings Port Group

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the Port Settings page allows authenticated users to inject arbitrary JavaScript through the `name` parameter when creating a new Port Group. This payload executes when the Port Settings page is visited after the Port Group is added to a device, compromising user sessions and enabling unauthorized actions.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

2024-11-14

CVE ID

CVE-2024-50351

Name

Reflected Cross-site Scripting in @LibreNMS/LibreNMS Logs Tab

CVE SCORE

Page

Summary

A Reflected Cross-Site Scripting (XSS) vulnerability in the "logs" tab of a device in the `@LibreNMS/LibreNMS` project allows attackers to inject arbitrary JavaScript via the `section` parameter, leading to code execution when the page is loaded.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Reflected Cross-site Scripting in @LibreNMS/LibreNMS Logs Tab

SUMMARY

A Reflected Cross-Site Scripting (XSS) vulnerability in the "logs" tab of a device in the `@LibreNMS/LibreNMS` project allows attackers to inject arbitrary JavaScript via the `section` parameter, leading to code execution when the page is loaded.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

2024-11-14

CVE ID

CVE-2024-50352

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Services Section of Device Overview

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the “Services” section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the `name` parameter, resulting in code execution in other users’ sessions.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Services Section of Device Overview

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the “Services” section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the `name` parameter, resulting in code execution in other users’ sessions.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

2024-11-14

CVE ID

CVE-2024-51494

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Port Settings

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the “Port Settings” page allows authenticated users to inject arbitrary JavaScript through the `descr` parameter when editing a device’s port settings, which then executes when the page is viewed.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Port Settings

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the “Port Settings” page allows authenticated users to inject arbitrary JavaScript through the `descr` parameter when editing a device’s port settings, which then executes when the page is viewed.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

2024-11-14

CVE ID

CVE-2024-51495

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Device Overview `overwrite_ip` Field

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the `overwrite_ip` parameter when editing a device. The injected script executes in the “Assigned IP” field on page load, potentially compromising other users’ sessions.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Device Overview `overwrite_ip` Field

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the `overwrite_ip` parameter when editing a device. The injected script executes in the “Assigned IP” field on page load, potentially compromising other users’ sessions.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

2024-11-14

CVE ID

CVE-2024-51496

Name

Reflected Cross-site Scripting in @LibreNMS/LibreNMS /wireless and /health endpoints

CVE SCORE

Page

Summary

A Reflected Cross-Site Scripting (XSS) vulnerability in the “metric” parameter of the “/wireless” and “/health” endpoints in the `@LibreNMS/LibreNMS` project allows attackers to inject arbitrary JavaScript that executes when the page is loaded.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Reflected Cross-site Scripting in @LibreNMS/LibreNMS /wireless and /health endpoints

SUMMARY

A Reflected Cross-Site Scripting (XSS) vulnerability in the “metric” parameter of the “/wireless” and “/health” endpoints in the `@LibreNMS/LibreNMS` project allows attackers to inject arbitrary JavaScript that executes when the page is loaded.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

2024-11-14

CVE ID

CVE-2024-51497

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Custom OID Tab

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the “Custom OID” tab of the `@LibreNMS/LibreNMS` project allows authenticated users to inject arbitrary JavaScript through the `unit` parameter when creating a new OID. The payload executes in the “Unit” column of the Custom OID table, potentially compromising other users’ sessions.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Custom OID Tab

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the “Custom OID” tab of the `@LibreNMS/LibreNMS` project allows authenticated users to inject arbitrary JavaScript through the `unit` parameter when creating a new OID. The payload executes in the “Unit” column of the Custom OID table, potentially compromising other users’ sessions.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

2024-11-14

CVE ID

CVE-2024-52526

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Services Tab

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the “Services” tab of the Device page of the `@LibreNMS/LibreNMS` project allows authenticated users to inject arbitrary JavaScript through the `descr` parameter when adding a service to a device.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Services Tab

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the “Services” tab of the Device page of the `@LibreNMS/LibreNMS` project allows authenticated users to inject arbitrary JavaScript through the `descr` parameter when adding a service to a device.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

21 Oct 2024

CVE ID

CVE-2023-49089

Name

Path Traversal on Package Name in @umbraco/Umbraco-CMS

CVE SCORE

Page

Summary

The `Create Package` functionality in the `@umbraco/Umbraco-CMS` package contains a path traversal vulnerability that allows a user to specify a relative or absolute path as the package name. This can result in the creation or overwriting of files outside the intended directory. The issue has been addressed by sanitizing the package name input to prevent path traversal. The fix was released in the following versions: 8.18.10, 10.8.1 and 12.3.4.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Path Traversal on Package Name in @umbraco/Umbraco-CMS

SUMMARY

The `Create Package` functionality in the `@umbraco/Umbraco-CMS` package contains a path traversal vulnerability that allows a user to specify a relative or absolute path as the package name. This can result in the creation or overwriting of files outside the intended directory. The issue has been addressed by sanitizing the package name input to prevent path traversal. The fix was released in the following versions: 8.18.10, 10.8.1 and 12.3.4.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Date

1 Oct 2024

CVE ID

CVE-2024-47523

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Alert Transports

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature of the `@LibreNMS/LibreNMS` project allows authenticated users to inject arbitrary JavaScript through the "Details" section. The injected script executes in other users’ sessions when transport details are viewed, potentially compromising accounts and enabling unauthorized actions.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Alert Transports

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature of the `@LibreNMS/LibreNMS` project allows authenticated users to inject arbitrary JavaScript through the "Details" section. The injected script executes in other users’ sessions when transport details are viewed, potentially compromising accounts and enabling unauthorized actions.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

1 Oct 2024

CVE ID

CVE-2024-47525

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Alert Rules

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature of the `@LibreNMS/LibreNMS` project allows authenticated users to inject arbitrary JavaScript through the "Title" field. The injected script executes when the alert rules page loads, redirecting users to attacker-controlled domains and exposing session cookies.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Alert Rules

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature of the `@LibreNMS/LibreNMS` project allows authenticated users to inject arbitrary JavaScript through the "Title" field. The injected script executes when the alert rules page loads, redirecting users to attacker-controlled domains and exposing session cookies.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

1 Oct 2024

CVE ID

CVE-2024-47526

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Alert Templates

CVE SCORE

Page

Summary

A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature of the `@LibreNMS/LibreNMS` project allows users to inject arbitrary JavaScript into the alert template’s name. This script executes immediately upon submission but does not persist after a page refresh.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Alert Templates

SUMMARY

A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature of the `@LibreNMS/LibreNMS` project allows users to inject arbitrary JavaScript into the alert template’s name. This script executes immediately upon submission but does not persist after a page refresh.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

1 Oct 2024

CVE ID

CVE-2024-47527

Name

Stored Cross-site Scripting in @LibreNMS/LibreNMS Device Dependencies

CVE SCORE

Page

Summary

A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature of the `@LibreNMS/LibreNMS` project allows authenticated users to inject arbitrary JavaScript through the device name (`hostname` parameter). This script executes when another user views the Device Dependencies page, potentially redirecting them to attacker-controlled sites and exposing session cookies.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Stored Cross-site Scripting in @LibreNMS/LibreNMS Device Dependencies

SUMMARY

A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature of the `@LibreNMS/LibreNMS` project allows authenticated users to inject arbitrary JavaScript through the device name (`hostname` parameter). This script executes when another user views the Device Dependencies page, potentially redirecting them to attacker-controlled sites and exposing session cookies.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low

Date

23 Sep 2024

CVE ID

CVE-2023-48313

Name

DOM-XSS in Login Functionality in @umbraco/Umbraco-CMS

CVE SCORE

Page

Summary

The package `@umbraco/Umbraco-CMS` contains a DOM-based XSS vulnerability in the login functionality. The vulnerability occurs in the `login.controller.js` file, where a user-supplied `returnPath` parameter is not properly validated, allowing for the injection of malicious JavaScript. Attackers can exploit this by crafting a URL that triggers XSS once a user logs in, potentially gaining access to elevated privileges if an administrator uses the malicious link. The issue was addressed in Umbraco versions 10.8.1 and 12.3.4 by validating the `returnPath` parameter.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

DOM-XSS in Login Functionality in @umbraco/Umbraco-CMS

SUMMARY

The package `@umbraco/Umbraco-CMS` contains a DOM-based XSS vulnerability in the login functionality. The vulnerability occurs in the `login.controller.js` file, where a user-supplied `returnPath` parameter is not properly validated, allowing for the injection of malicious JavaScript. Attackers can exploit this by crafting a URL that triggers XSS once a user logs in, potentially gaining access to elevated privileges if an administrator uses the malicious link. The issue was addressed in Umbraco versions 10.8.1 and 12.3.4 by validating the `returnPath` parameter.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

23 Sep 2024

CVE ID

CVE-2024-35218

Name

Stored XSS on Content Page Through Markdown Editor Preview Pane in @umbraco/Umbraco-CMS

CVE SCORE

Page

Summary

A stored XSS vulnerability exists in the Content page of `@umbraco/Umbraco-CMS` through the Markdown Editor’s preview pane. This vulnerability allows an attacker with Editor permissions to inject arbitrary JavaScript into the markdown content. When an administrator reviews or publishes this page, the XSS is triggered, leading to a full compromise of the application. The issue was fixed by sanitizing the HTML content before rendering it in the preview pane. The fix was released in the following versions: 8.18.13, 10.8.4, 12.3.7 and 13.1.1

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored XSS on Content Page Through Markdown Editor Preview Pane in @umbraco/Umbraco-CMS

SUMMARY

A stored XSS vulnerability exists in the Content page of `@umbraco/Umbraco-CMS` through the Markdown Editor’s preview pane. This vulnerability allows an attacker with Editor permissions to inject arbitrary JavaScript into the markdown content. When an administrator reviews or publishes this page, the XSS is triggered, leading to a full compromise of the application. The issue was fixed by sanitizing the HTML content before rendering it in the preview pane. The fix was released in the following versions: 8.18.13, 10.8.4, 12.3.7 and 13.1.1

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Date

23 Sep 2024

CVE ID

CVE-2024-35239

Name

Stored XSS on Title and Description Component of Umbraco Forms

CVE SCORE

Page

Summary

A stored XSS vulnerability exists in the `Title and Description` component of the Umbraco Forms package. Users with access to edit forms can inject arbitrary JavaScript into the `BodyText` and `CaptionTag` fields, which are rendered as HTML when the form is displayed. The fix was released in the following versions: 13.0.1, 12.2.2, 10.5.3 and 8.13.13.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored XSS on Title and Description Component of Umbraco Forms

SUMMARY

A stored XSS vulnerability exists in the `Title and Description` component of the Umbraco Forms package. Users with access to edit forms can inject arbitrary JavaScript into the `BodyText` and `CaptionTag` fields, which are rendered as HTML when the form is displayed. The fix was released in the following versions: 13.0.1, 12.2.2, 10.5.3 and 8.13.13.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Date

23 Sep 2024

CVE ID

CVE-2024-35240

Name

Stored XSS on Print Functionality in Umbraco Commerce

CVE SCORE

Page

Summary

The package `Umbraco Commerce` contains a stored XSS vulnerability in the Print functionality. When a user submits arbitrary JavaScript within the Billing/Shipping information during a purchase, this payload is stored and executed when an admin attempts to print the order in the backoffice. This can lead to the execution of malicious code with the possibility of privilege escalation or data compromise. The issue was addressed by sanitizing the user input before rendering the print page. The fix was released in the following versions: 12.1.4 and 10.0.5.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored XSS on Print Functionality in Umbraco Commerce

SUMMARY

The package `Umbraco Commerce` contains a stored XSS vulnerability in the Print functionality. When a user submits arbitrary JavaScript within the Billing/Shipping information during a purchase, this payload is stored and executed when an admin attempts to print the order in the backoffice. This can lead to the execution of malicious code with the possibility of privilege escalation or data compromise. The issue was addressed by sanitizing the user input before rendering the print page. The fix was released in the following versions: 12.1.4 and 10.0.5.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

14 Jun 2024

CVE ID

CVE-2024-5685

Name

Broken Function Level Authorization (BFLA) in snipe/snipe-it

CVE SCORE

Page

Summary

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Broken Function Level Authorization (BFLA) in snipe/snipe-it

SUMMARY

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: Low

Date

10 May 2024

CVE ID

CVE-2024-34349

Name

Stored Cross-Site Scripting (XSS) in sylius/sylius

CVE SCORE

Page

Summary

The sylius package is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in various components of the Admin panel.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored Cross-Site Scripting (XSS) in sylius/sylius

SUMMARY

The sylius package is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in various components of the Admin panel.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

29 Apr 2024

CVE ID

CVE-2024-4068

Name

Memory Exhaustion in braces

CVE SCORE

Page

Summary

The NPM package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js`, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Page

FULL VULNERABILITY NAME

Memory Exhaustion in braces

SUMMARY

The NPM package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js`, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Date

28 Apr 2024

CVE ID

CVE-2024-4067

Name

Regular Expression Denial of Service (ReDoS) in micromatch

CVE SCORE

Page

Summary

The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything, which can cause the application to hang or slow down. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to its greedy matching. This issue was fixed in version 4.0.8.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Page

FULL VULNERABILITY NAME

Regular Expression Denial of Service (ReDoS) in micromatch

SUMMARY

The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything, which can cause the application to hang or slow down. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to its greedy matching. This issue was fixed in version 4.0.8.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Date

4 Apr 2024

CVE ID

CVE-2024-31217

Name

Denial-of-Service via Improper Exception Handling in @strapi/plugin-upload

CVE SCORE

Page

Summary

The Strapi Web Application is missing input validation in its file upload feature in versions prior to 4.22.0 which leads to Denial of Service. This vulnerability allows an attacker to crash the node server, affecting either development and production environments.

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Page

FULL VULNERABILITY NAME

Denial-of-Service via Improper Exception Handling in @strapi/plugin-upload

SUMMARY

The Strapi Web Application is missing input validation in its file upload feature in versions prior to 4.22.0 which leads to Denial of Service. This vulnerability allows an attacker to crash the node server, affecting either development and production environments.

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Date

2 Jan 2024

CVE ID

CVE-2023-50447

Name

Arbitrary Code Execution in Pillow

CVE SCORE

Page

Summary

A critical security flaw is present in the Python `Pillow` package in versions prior to 10.2.0. If an attacker has control over the keys passed to the environment argument of `PIL.ImageMath.eval()`, they may be able to execute arbitrary code. To prevent this, keys matching the names of builtins and keys containing double underscores will now raise a `ValueError`.

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Arbitrary Code Execution in Pillow

SUMMARY

A critical security flaw is present in the Python `Pillow` package in versions prior to 10.2.0. If an attacker has control over the keys passed to the environment argument of `PIL.ImageMath.eval()`, they may be able to execute arbitrary code. To prevent this, keys matching the names of builtins and keys containing double underscores will now raise a `ValueError`.

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

26 Sep 2023

CVE ID

CVE-2023-46495

Name

Reflected XSS in Front Store in @evershop/evershop

CVE SCORE

Page

Summary

EverShop Web Application in versions prior to 1.0.0-rc.8 contains a Reflected Cross-Site Scripting (XSS) vulnerability. Attackers can exploit this issue by adding a second "sortBy" parameter to the request. This unexpected behavior will return the second "sortBy" value in the page's code, potentially enabling the successful execution of XSS payloads.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Reflected XSS in Front Store in @evershop/evershop

SUMMARY

EverShop Web Application in versions prior to 1.0.0-rc.8 contains a Reflected Cross-Site Scripting (XSS) vulnerability. Attackers can exploit this issue by adding a second "sortBy" parameter to the request. This unexpected behavior will return the second "sortBy" value in the page's code, potentially enabling the successful execution of XSS payloads.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

25 Sep 2023

CVE ID

CVE-2023-46496

Name

Arbitrary File Deletion (via Relative Path Traversal) in @evershop/evershop

CVE SCORE

Page

Summary

EverShop web application in versions prior to 1.0.0-rc.8 is missing input validation in the function 'unlinkSync' in 'deleteFile.js', leading to a Relative Path Traversal vulnerability that enables arbitrary file deletion. This vulnerability extends beyond path traversal since the endpoint "/api/files" allows "DELETE" requests which then allow for file deletion across the filesystem.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Arbitrary File Deletion (via Relative Path Traversal) in @evershop/evershop

SUMMARY

EverShop web application in versions prior to 1.0.0-rc.8 is missing input validation in the function 'unlinkSync' in 'deleteFile.js', leading to a Relative Path Traversal vulnerability that enables arbitrary file deletion. This vulnerability extends beyond path traversal since the endpoint "/api/files" allows "DELETE" requests which then allow for file deletion across the filesystem.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: High

Date

25 Sep 2023

CVE ID

CVE-2023-46497

Name

Arbitrary Folder Creation (via Relative Path Traversal) in @evershop/evershop

CVE SCORE

Page

Summary

EverShop web application in versions prior to 1.0.0-rc.8 is missing input validation in the function 'mkdirSync' in 'createFolder.js', leading to a Relative Path Traversal vulnerability that enables arbitrary folder creation. From the feature for adding an image to a Product's "Description" field, attackers can create a new folder in unintended locations by navigating backward with "../", potentially affecting system processes.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Arbitrary Folder Creation (via Relative Path Traversal) in @evershop/evershop

SUMMARY

EverShop web application in versions prior to 1.0.0-rc.8 is missing input validation in the function 'mkdirSync' in 'createFolder.js', leading to a Relative Path Traversal vulnerability that enables arbitrary folder creation. From the feature for adding an image to a Product's "Description" field, attackers can create a new folder in unintended locations by navigating backward with "../", potentially affecting system processes.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

25 Sep 2023

CVE ID

CVE-2023-46498

Name

Broken Function Level Authorization in @evershop/evershop

CVE SCORE

Page

Summary

A Broken Function Level Authorization vulnerability in the "route.json" file of the EverShop web application in versions prior to 1.0.0-rc.8 allows unauthenticated attackers to delete customer accounts through a publicly accessible GraphQL endpoint. Attackers can chain this with another vulnerability found in the GraphQL schema, first by querying the schema to identify the "Customer" object and get the relevant "uuid" of a user. Then the attackers are able to send a DELETE request to the unprotected endpoint, resulting in the successful deletion of the user account. This was fixed by closing public access to the endpoint so it requires users to be authenticated with 'admin' credentials in order to request it.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Broken Function Level Authorization in @evershop/evershop

SUMMARY

A Broken Function Level Authorization vulnerability in the "route.json" file of the EverShop web application in versions prior to 1.0.0-rc.8 allows unauthenticated attackers to delete customer accounts through a publicly accessible GraphQL endpoint. Attackers can chain this with another vulnerability found in the GraphQL schema, first by querying the schema to identify the "Customer" object and get the relevant "uuid" of a user. Then the attackers are able to send a DELETE request to the unprotected endpoint, resulting in the successful deletion of the user account. This was fixed by closing public access to the endpoint so it requires users to be authenticated with 'admin' credentials in order to request it.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: High

Date

25 Sep 2023

CVE ID

CVE-2023-46493

Name

Directories List (via Relative Path Traversal) in @evershop/evershop

CVE SCORE

Page

Summary

The EverShop Web Application is missing input validation in the function 'readdirSync' in 'browser.js' in versions prior to 1.0.0-rc.8 which leads to Relative Path Traversal. This vulnerability allows an attacker to list all the folders and files on the filesystem through the API endpoint '/api/files'.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Directories List (via Relative Path Traversal) in @evershop/evershop

SUMMARY

The EverShop Web Application is missing input validation in the function 'readdirSync' in 'browser.js' in versions prior to 1.0.0-rc.8 which leads to Relative Path Traversal. This vulnerability allows an attacker to list all the folders and files on the filesystem through the API endpoint '/api/files'.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Date

25 Aug 2023

CVE ID

CVE-2023-46942

Name

Lack of Authentication on GraphQL Endpoints in @evershop/evershop

CVE SCORE

Page

Summary

Lack of authentication in GraphQL in the EverShop Web Application in versions prior to 1.0.0-rc.8 allows any user to access sensitive data without proper authorization.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Lack of Authentication on GraphQL Endpoints in @evershop/evershop

SUMMARY

Lack of authentication in GraphQL in the EverShop Web Application in versions prior to 1.0.0-rc.8 allows any user to access sensitive data without proper authorization.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Date

25 Aug 2023

CVE ID

CVE-2023-46943

Name

Insecure JWT – Hardcoded HMAC Secret in @evershop/evershop

CVE SCORE

Page

Summary

A critical security flaw is present in the EverShop Web Application in versions prior to 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. This vulnerability has been fixed by implementing session authentication.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Insecure JWT – Hardcoded HMAC Secret in @evershop/evershop

SUMMARY

A critical security flaw is present in the EverShop Web Application in versions prior to 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. This vulnerability has been fixed by implementing session authentication.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Date

1 Jul 2023

CVE ID

CVE-2023-44271

Name

Denial of Service (DoS) in Pillow

CVE SCORE

Page

Summary

Python's package Pillow prior to 10.0.0 allows attackers to cause a Denial of Service when using arbitrary strings as text input in "ImageFont" methods that calculate text size or render text to an image. The number of characters passed to these methods is not properly checked, potentially causing a service to crash by having it run out of memory.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Page

FULL VULNERABILITY NAME

Denial of Service (DoS) in Pillow

SUMMARY

Python's package Pillow prior to 10.0.0 allows attackers to cause a Denial of Service when using arbitrary strings as text input in "ImageFont" methods that calculate text size or render text to an image. The number of characters passed to these methods is not properly checked, potentially causing a service to crash by having it run out of memory.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Date

27 Apr 2023

CVE ID

CVE-2023-46494

Name

Reflected XSS in Admin Panel in @evershop/evershop

CVE SCORE

Page

Summary

EverShop Web Application in versions prior to 1.0.0-rc.5 contains a Reflected Cross-Site Scripting (XSS) vulnerability in the Admin Panel. This security flaw allows attackers to inject malicious code into the application's admin panel, particularly in the "Product Name" and "SKU" input fields when searching for products, leading to the execution of unauthorized JavaScript code in the browser. Other similar input fields are also affected.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Reflected XSS in Admin Panel in @evershop/evershop

SUMMARY

EverShop Web Application in versions prior to 1.0.0-rc.5 contains a Reflected Cross-Site Scripting (XSS) vulnerability in the Admin Panel. This security flaw allows attackers to inject malicious code into the application's admin panel, particularly in the "Product Name" and "SKU" input fields when searching for products, leading to the execution of unauthorized JavaScript code in the browser. Other similar input fields are also affected.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

27 Apr 2023

CVE ID

CVE-2023-46499

Name

Stored XSS in Admin Panel in @evershop/evershop

CVE SCORE

Page

Summary

EverShop Web Application in versions prior to 1.0.0-rc.5 contains a Stored Cross-Site Scripting (XSS) vulnerability affecting various functionalities of the Admin Panel. Attackers can particularly inject malicious code during the creation of new products. The registration of users is also affected, which means that an unauthenticated user could store malicious code during registration which will affect administrators that visit the users' section. The latter could lead to more serious attack vectors, including account takeover.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored XSS in Admin Panel in @evershop/evershop

SUMMARY

EverShop Web Application in versions prior to 1.0.0-rc.5 contains a Stored Cross-Site Scripting (XSS) vulnerability affecting various functionalities of the Admin Panel. Attackers can particularly inject malicious code during the creation of new products. The registration of users is also affected, which means that an unauthenticated user could store malicious code during registration which will affect administrators that visit the users' section. The latter could lead to more serious attack vectors, including account takeover.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Date

30 Oct 2022

CVE ID

CVE-2022-44143

Name

Arbitrary File Write (via Path Traversal) in nopCommerce

CVE SCORE

Page

Summary

A path traversal vulnerability leads to arbitrary file write in nopCommerce version 4.50.3 and below

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Arbitrary File Write (via Path Traversal) in nopCommerce

SUMMARY

A path traversal vulnerability leads to arbitrary file write in nopCommerce version 4.50.3 and below

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-0436

Name

Path Traversal in gruntjs/grunt

CVE SCORE

Page

Summary

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

Properties

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Path Traversal in gruntjs/grunt

SUMMARY

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

PROPERTIES

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-1537

Name

Arbitrary File Write gruntjs/grunt

CVE SCORE

Page

Summary

Arbitrary File Write in gruntjs/grunt prior to 1.5.3.

Properties

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Arbitrary File Write gruntjs/grunt

SUMMARY

Arbitrary File Write in gruntjs/grunt prior to 1.5.3.

PROPERTIES

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

12 Sep 2022

CVE ID

N/A

Name

Authentication Bypass by Primary Weakness in parse-url

CVE SCORE

Page

Summary

Authentication Bypass by Primary Weakness in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Authentication Bypass by Primary Weakness in parse-url

SUMMARY

Authentication Bypass by Primary Weakness in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Exposure of Sensitive Information to an Unauthorized Actor in parse-url

CVE SCORE

Page

Summary

Exposure of Sensitive Information to an Unauthorized Actor in parse-url version 6.0.2 and prior to 6.0.1.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Exposure of Sensitive Information to an Unauthorized Actor in parse-url

SUMMARY

Exposure of Sensitive Information to an Unauthorized Actor in parse-url version 6.0.2 and prior to 6.0.1.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Improper Input Validation in parse-url

CVE SCORE

Page

Summary

Improper Input Validation in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Improper Input Validation in parse-url

SUMMARY

Improper Input Validation in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Hostname Spoofing via Improper Input Validation in parse-url

CVE SCORE

Page

Summary

Hostname Spoofing via Improper Input Validation in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Hostname Spoofing via Improper Input Validation in parse-url

SUMMARY

Hostname Spoofing via Improper Input Validation in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Open Redirect in parse-url

CVE SCORE

Page

Summary

Open Redirect in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Open Redirect in parse-url

SUMMARY

Open Redirect in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Whitelist bypasses in parse-url

CVE SCORE

Page

Summary

Malicious usage of '+' in protocol can lead to whitelist bypasses in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Whitelist bypasses in parse-url

SUMMARY

Malicious usage of '+' in protocol can lead to whitelist bypasses in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

Whitelist bypasses in parse-url

CVE SCORE

Page

Summary

'?' before the '@' sign in HTTP URLs allows whitelist bypasses in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Whitelist bypasses in parse-url

SUMMARY

'?' before the '@' sign in HTTP URLs allows whitelist bypasses in parse-url through 6.0.0, and versions 6.0.2, 6.0.3, 6.0.5

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-29248

Name

Set cookie for different domain in guzzle/guzzle

CVE SCORE

Page

Summary

Set cookie for different domain in guzzle/guzzle prior 6.5.6 and 7.x prior to 7.4.3

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Set cookie for different domain in guzzle/guzzle

SUMMARY

Set cookie for different domain in guzzle/guzzle prior 6.5.6 and 7.x prior to 7.4.3

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-31042

Name

Unvalidated Follow Redirects in guzzle/guzzle

CVE SCORE

Page

Summary

Unvalidated Follow Redirects in guzzle/guzzle prior to 6.5.7 and 7.x prior to 7.4.4.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Unvalidated Follow Redirects in guzzle/guzzle

SUMMARY

Unvalidated Follow Redirects in guzzle/guzzle prior to 6.5.7 and 7.x prior to 7.4.4.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-31043

Name

Failure to strip Authentication header on HTTP downgrade in guzzle/guzzle

CVE SCORE

Page

Summary

Failure to strip Authentication header on HTTP downgrade in guzzle/guzzle prior to 6.5.7 and 7.x prior to 7.4.4

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Failure to strip Authentication header on HTTP downgrade in guzzle/guzzle

SUMMARY

Failure to strip Authentication header on HTTP downgrade in guzzle/guzzle prior to 6.5.7 and 7.x prior to 7.4.4

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-28803

Name

Stored XSS in silverstripe/silverstripe-framework

CVE SCORE

Page

Summary

Stored XSS in silverstripe/silverstripe-framework versions 4.x.x prior to 4.10.9.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored XSS in silverstripe/silverstripe-framework

SUMMARY

Stored XSS in silverstripe/silverstripe-framework versions 4.x.x prior to 4.10.9.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-29858

Name

Cross-Site Scripting in silverstripe/silverstripe-assets

CVE SCORE

Page

Summary

Cross-Site Scripting in silverstripe/silverstripe-assets through 1.10.0.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Cross-Site Scripting in silverstripe/silverstripe-assets

SUMMARY

Cross-Site Scripting in silverstripe/silverstripe-assets through 1.10.0.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Date

12 Sep 2022

CVE ID

N/A

Name

ReDoS vulnerability in GitPython

CVE SCORE

Page

Summary

A ReDoS (Regular Expression Denial of Service) vulnerability exists in GitPython before 3.1.27.

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Page

FULL VULNERABILITY NAME

ReDoS vulnerability in GitPython

SUMMARY

A ReDoS (Regular Expression Denial of Service) vulnerability exists in GitPython before 3.1.27.

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Date

12 Sep 2022

CVE ID

CVE-2022-1996

Name

Authorization Bypass Through User-Controlled Key in emicklei/go-restful.

CVE SCORE

Page

Summary

Authorization Bypass Through User-Controlled Key in emicklei/go-restful prior to version 3.8.0.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Authorization Bypass Through User-Controlled Key in emicklei/go-restful.

SUMMARY

Authorization Bypass Through User-Controlled Key in emicklei/go-restful prior to version 3.8.0.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Date

12 Sep 2022

CVE ID

CVE-2022-2217

Name

Cross-site Scripting (XSS) in parse-url

CVE SCORE

Page

Summary

Cross-site Scripting (XSS) in parse-url prior to version 6.0.0 and in 6.0.2.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Cross-site Scripting (XSS) in parse-url

SUMMARY

Cross-site Scripting (XSS) in parse-url prior to version 6.0.0 and in 6.0.2.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

21 Jul 2022

CVE ID

CVE-2022-31091

Name

Sensitive header uncleared on same-host, cross-port redirect in guzzle/guzzle

CVE SCORE

Page

Summary

Sensitive headers are uncleared on cross-port redirect

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Sensitive header uncleared on same-host, cross-port redirect in guzzle/guzzle

SUMMARY

Sensitive headers are uncleared on cross-port redirect

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Date

21 Jul 2022

CVE ID

CVE-2022-2218

Name

Cross Site Scripting in ionicabizau/parse-url

CVE SCORE

Page

Summary

spoofing of the javascript protocol itself

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Cross Site Scripting in ionicabizau/parse-url

SUMMARY

spoofing of the javascript protocol itself

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

21 Jul 2022

CVE ID

CVE-2022-2216

Name

SSRF via Improper Input Validation in ionicabizau/parse-url

CVE SCORE

Page

Summary

Hostname is not detected because of improper handling of username and password. (Based on real cases)

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

SSRF via Improper Input Validation in ionicabizau/parse-url

SUMMARY

Hostname is not detected because of improper handling of username and password. (Based on real cases)

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

20 Jul 2022

CVE ID

N/A

Name

Authenticated RCE in craftcms/cms

CVE SCORE

Page

Summary

Authenticated RCE through /admin/settings/email endpoint in craftcms/cms

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Authenticated RCE in craftcms/cms

SUMMARY

Authenticated RCE through /admin/settings/email endpoint in craftcms/cms

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

17 Jun 2022

CVE ID

CVE-2022-22979

Name

DoS in Spring Cloud Function

CVE SCORE

Page

Summary

Spring Cloud Function through the web endpoint is vulnerable to DoS.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Page

FULL VULNERABILITY NAME

DoS in Spring Cloud Function

SUMMARY

Spring Cloud Function through the web endpoint is vulnerable to DoS.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Date

17 Jun 2022

CVE ID

N/A

Name

Unintended function invocation in Spring Cloud Function

CVE SCORE

Page

Summary

Spring Cloud Function exposes more functions than intended.

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Unintended function invocation in Spring Cloud Function

SUMMARY

Spring Cloud Function exposes more functions than intended.

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Date

28 Apr 2022

CVE ID

CVE-2022-0686

Name

Authorization Bypass vulnerability in url-parse

CVE SCORE

Page

Summary

The `url-parse` NPM package allows authorization bypass through user-controlled key. When no port number is provided in the 'url', url-parse is unable to find the correct hostname.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Authorization Bypass vulnerability in url-parse

SUMMARY

The `url-parse` NPM package allows authorization bypass through user-controlled key. When no port number is provided in the 'url', url-parse is unable to find the correct hostname.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Date

28 Apr 2022

CVE ID

CVE-2022-0691

Name

Authorization Bypass vulnerability in url-parse

CVE SCORE

Page

Summary

The `url-parse` npm package allows authorization bypass through user-controlled key. Bypasses `https://hackerone.com/reports/496293` via `` (backspace) character.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Authorization Bypass vulnerability in url-parse

SUMMARY

The `url-parse` npm package allows authorization bypass through user-controlled key. Bypasses `https://hackerone.com/reports/496293` via `` (backspace) character.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

28 Apr 2022

CVE ID

CVE-2022-0227

Name

Business Logic Errors in SilverStripe Framework

CVE SCORE

Page

Summary

SilverStripe Framework is vulnerable to Business Logic Errors in the Failed login count since that value can be a negative number.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Business Logic Errors in SilverStripe Framework

SUMMARY

SilverStripe Framework is vulnerable to Business Logic Errors in the Failed login count since that value can be a negative number.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

28 Apr 2022

CVE ID

N/A

Name

A ReDoS (Regular Expression Denial of Service) vulnerability in GitPython

CVE SCORE

Page

Summary

A ReDoS (Regular Expression Denial of Service) vulnerability exists in `GitPython`.

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Page

FULL VULNERABILITY NAME

A ReDoS (Regular Expression Denial of Service) vulnerability in GitPython

SUMMARY

A ReDoS (Regular Expression Denial of Service) vulnerability exists in `GitPython`.

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Date

28 Apr 2022

CVE ID

CVE-2022-0338

Name

Improper Privilege Management in Conda 'loguru'

CVE SCORE

Page

Summary

Improper Privilege Management in Conda 'loguru' can allow an unprivileged user to read log files and disclose sensitive information.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Page

FULL VULNERABILITY NAME

Improper Privilege Management in Conda 'loguru'

SUMMARY

Improper Privilege Management in Conda 'loguru' can allow an unprivileged user to read log files and disclose sensitive information.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Date

28 Apr 2022

CVE ID

N/A

Name

Log Injection in loguru

CVE SCORE

Page

Summary

Improper Neutralization of Equivalent Special Elements in `loguru` can lead to Log Injection on all logging methods. It is possible to inject newlines (' ') which will create a new log entry in the logfile. This can lead to attackers tampering with logs and a loss of integrity of the log files as a result.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Log Injection in loguru

SUMMARY

Improper Neutralization of Equivalent Special Elements in `loguru` can lead to Log Injection on all logging methods. It is possible to inject newlines (' ') which will create a new log entry in the logfile. This can lead to attackers tampering with logs and a loss of integrity of the log files as a result.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Date

25 Apr 2022

CVE ID

CVE-2021-43432

Name

XSS in XMALL ecommerce system

CVE SCORE

Page

Summary

XSS exists in the XMALL admin panel via the GET parameter in product-add.jsp

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

XSS in XMALL ecommerce system

SUMMARY

XSS exists in the XMALL admin panel via the GET parameter in product-add.jsp

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

25 Apr 2022

CVE ID

CVE-2022-0512

Name

Authorization Bypass vulnerability in url-parse

CVE SCORE

Page

Summary

The `url-parse` npm package allows Authorization Bypass through user-controlled key. It improperly handles username and password, and ìt's unable to detect the hostname.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Authorization Bypass vulnerability in url-parse

SUMMARY

The `url-parse` npm package allows Authorization Bypass through user-controlled key. It improperly handles username and password, and ìt's unable to detect the hostname.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

25 Apr 2022

CVE ID

CVE-2022-0639

Name

Authorization Bypass vulnerability in url-parse

CVE SCORE

Page

Summary

Authorization Bypass through User-Controlled Key in NPM `url-parse`. An incorrect conversion of `@` in protocol in `href` leads to improper validation of the hostname.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Authorization Bypass vulnerability in url-parse

SUMMARY

Authorization Bypass through User-Controlled Key in NPM `url-parse`. An incorrect conversion of `@` in protocol in `href` leads to improper validation of the hostname.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

15 Jan 2022

CVE ID

N/A

Name

Improper Restriction of XML External Entity Reference in jetbrains/kotlin

CVE SCORE

Page

Summary

The ModuleXmlParser.parse() function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Improper Restriction of XML External Entity Reference in jetbrains/kotlin

SUMMARY

The ModuleXmlParser.parse() function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: Low

Date

30 Dec 2021

CVE ID

CVE-2021-44832

Name

Deserialization attack via JDBC Appender in log4j

CVE SCORE

Page

Summary

Deserialization attack via JDBCAppender's DataSource element in log4j

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Deserialization attack via JDBC Appender in log4j

SUMMARY

Deserialization attack via JDBCAppender's DataSource element in log4j

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

19 Sep 2021

CVE ID

CVE-2021-37794

Name

Stored XSS Vulnerability Discovered in FileBrowser

CVE SCORE

Page

Summary

A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Stored XSS Vulnerability Discovered in FileBrowser

SUMMARY

A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

1 Sep 2021

CVE ID

CVE-2021-33360

Name

Command injection vulnerability in @stoqey/gnuplot

CVE SCORE

Page

Summary

All versions of the NPM package `@stoqey/gnuplot` are vulnerable to command injection. The function `plotCallack` receives and executes unsanitized input that is controlled by the user.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in @stoqey/gnuplot

SUMMARY

All versions of the NPM package `@stoqey/gnuplot` are vulnerable to command injection. The function `plotCallack` receives and executes unsanitized input that is controlled by the user.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

1 Sep 2021

CVE ID

N/A

Name

Command injection vulnerability in ssh2

CVE SCORE

Page

Summary

NPM package ssh2 prior to 1.0.0 is vulnerable to command injection through the unsafe execution of user-controlled parameters.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in ssh2

SUMMARY

NPM package ssh2 prior to 1.0.0 is vulnerable to command injection through the unsafe execution of user-controlled parameters.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

22 Jul 2021

CVE ID

CVE-2021-37367

Name

Code Execution Vulnerability Discovered in CTparetnal

CVE SCORE

Page

Summary

Code Execution Vulnerability Discovered in CTparetnal due to directory traversal.

Properties

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Code Execution Vulnerability Discovered in CTparetnal

SUMMARY

Code Execution Vulnerability Discovered in CTparetnal due to directory traversal.

PROPERTIES

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

14 Jul 2021

CVE ID

CVE-2021-37365

Name

Reflected XSS Vulnerability Discovered in CTparetnal

CVE SCORE

Page

Summary

Reflected XSS Vulnerability Discovered in CTparetnal, in the file 'bl_categories_help.php'.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Reflected XSS Vulnerability Discovered in CTparetnal

SUMMARY

Reflected XSS Vulnerability Discovered in CTparetnal, in the file 'bl_categories_help.php'.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

14 Jul 2021

CVE ID

CVE-2021-37366

Name

CSRF Vulnerability Discovered in CTparetnal

CVE SCORE

Page

Summary

CSRF Vulnerability Discovered in the CTparental admin panel.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

CSRF Vulnerability Discovered in CTparetnal

SUMMARY

CSRF Vulnerability Discovered in the CTparental admin panel.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

29 Jun 2021

CVE ID

N/A

Name

Command injection vulnerability in coveralls

CVE SCORE

Page

Summary

The coveralls npm package allows OS Command Injection via shell metacharacters, as demonstrated by getBaseOptions().

Properties

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in coveralls

SUMMARY

The coveralls npm package allows OS Command Injection via shell metacharacters, as demonstrated by getBaseOptions().

PROPERTIES

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

28 Jun 2021

CVE ID

CVE-2021-36518

Name

Prototype pollution in cloneextend

CVE SCORE

Page

Summary

Prototype pollution via the clone and extend functions in cloneextend

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Prototype pollution in cloneextend

SUMMARY

Prototype pollution via the clone and extend functions in cloneextend

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Date

28 Jun 2021

CVE ID

CVE-2021-36517

Name

Prototype pollution in extend2

CVE SCORE

Page

Summary

Prototype pollution via the extend function in extend2

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Prototype pollution in extend2

SUMMARY

Prototype pollution via the extend function in extend2

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Date

22 Jun 2021

CVE ID

CVE-2021-34826

Name

SQL Injection in Heimdall Gateway - heimdall/getheimdall

CVE SCORE

Page

Summary

An unauthenticated SQL Injection in Heimdall Gateway may allow remote compromise of the database.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

SQL Injection in Heimdall Gateway - heimdall/getheimdall

SUMMARY

An unauthenticated SQL Injection in Heimdall Gateway may allow remote compromise of the database.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

21 Jun 2021

CVE ID

CVE-2021-31800

Name

Path Traversal Vulnerability Discovered in Impacket

CVE SCORE

Page

Summary

Path Traversal Vulnerability Discovered in Impacket before 0.9.23, which could lead to RCE depending on the environment and the operating system.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Path Traversal Vulnerability Discovered in Impacket

SUMMARY

Path Traversal Vulnerability Discovered in Impacket before 0.9.23, which could lead to RCE depending on the environment and the operating system.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

21 Jun 2021

CVE ID

CVE-2021-33356

Name

Privilege Escalation Vulnerability Discovered in RaspAP

CVE SCORE

Page

Summary

Privilege Escalation Vulnerability Discovered in RaspAP before 2.6.6, which combined with CVE-2021-33357 or CVE-2021-33358 could lead to RCE with root privileges'.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Privilege Escalation Vulnerability Discovered in RaspAP

SUMMARY

Privilege Escalation Vulnerability Discovered in RaspAP before 2.6.6, which combined with CVE-2021-33357 or CVE-2021-33358 could lead to RCE with root privileges'.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

21 Jun 2021

CVE ID

CVE-2021-33357

Name

Unauthenticated Command Injection Vulnerability Discovered in RaspAP

CVE SCORE

Page

Summary

Unauthenticated Command Injection Vulnerability Discovered in RaspAP before 2.6.6, which combined with CVE-2021-33356 could lead to RCE with root privileges.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Unauthenticated Command Injection Vulnerability Discovered in RaspAP

SUMMARY

Unauthenticated Command Injection Vulnerability Discovered in RaspAP before 2.6.6, which combined with CVE-2021-33356 could lead to RCE with root privileges.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

21 Jun 2021

CVE ID

CVE-2021-33358

Name

Authenticated Command Injection Vulnerability Discovered in RaspAP

CVE SCORE

Page

Summary

Authenticated Command Injection Vulnerability Discovered in RaspAP before 2.6.6, which combined with CVE-2021-33356 could lead to RCE with root privileges.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Authenticated Command Injection Vulnerability Discovered in RaspAP

SUMMARY

Authenticated Command Injection Vulnerability Discovered in RaspAP before 2.6.6, which combined with CVE-2021-33356 could lead to RCE with root privileges.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

21 Jun 2021

CVE ID

CVE-2021-33359

Name

Arbitrary File Read Vulnerability Discovered in GoWitness

CVE SCORE

Page

Summary

Arbitrary File Read Vulnerability Discovered in GoWitness before 2.3.6, which enables attackers to read files from the host when acting as a Screenshot Server.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Arbitrary File Read Vulnerability Discovered in GoWitness

SUMMARY

Arbitrary File Read Vulnerability Discovered in GoWitness before 2.3.6, which enables attackers to read files from the host when acting as a Screenshot Server.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

14 Jun 2021

CVE ID

CVE-2021-33829

Name

Stored XSS Vulnerability Discovered in CKEditor4

CVE SCORE

Page

Summary

Stored XSS Vulnerability Discovered in CKEditor4.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored XSS Vulnerability Discovered in CKEditor4

SUMMARY

Stored XSS Vulnerability Discovered in CKEditor4.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

4 Jun 2021

CVE ID

CVE-2021-25641

Name

Unsafe Deserialization In Apache Dubbo & Alibaba Dubbo

CVE SCORE

Page

Summary

Deserialization issues in the Dubbo pipeline allows submitting a malformed gadget object to a Dubbo endpoint, resulting in RCE.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Unsafe Deserialization In Apache Dubbo & Alibaba Dubbo

SUMMARY

Deserialization issues in the Dubbo pipeline allows submitting a malformed gadget object to a Dubbo endpoint, resulting in RCE.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

17 May 2021

CVE ID

CVE-2021-33420

Name

Deserialization RCE attack in replicator

CVE SCORE

Page

Summary

Deserialization RCE attack in replicator npm package via the TypedArrays objects

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Deserialization RCE attack in replicator

SUMMARY

Deserialization RCE attack in replicator npm package via the TypedArrays objects

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

5 May 2021

CVE ID

CVE-2021-29369

Name

Command Injection in @rkesters/gnuplot

CVE SCORE

Page

Summary

The @rkesters/gnuplot package prior to version 0.1.0 allows code execution via shell metacharacters in Gnuplot commands.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command Injection in @rkesters/gnuplot

SUMMARY

The @rkesters/gnuplot package prior to version 0.1.0 allows code execution via shell metacharacters in Gnuplot commands.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

29 Apr 2021

CVE ID

CVE-2021-26543

Name

Command injection vulnerability in git-parse

CVE SCORE

Page

Summary

the gitDiff function of git-parse is vulnerable to command injection vulnerability

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in git-parse

SUMMARY

the gitDiff function of git-parse is vulnerable to command injection vulnerability

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Command Injection in gnuplot-heatmap

CVE SCORE

Page

Summary

Command Injection in gnuplot-heatmap through the `outFile` option

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command Injection in gnuplot-heatmap

SUMMARY

Command Injection in gnuplot-heatmap through the `outFile` option

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Command Injection in jandoc

CVE SCORE

Page

Summary

Command Injection in jandoc

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command Injection in jandoc

SUMMARY

Command Injection in jandoc

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in lifion-verify-deps

CVE SCORE

Page

Summary

The lifion-verify-deps npm package allows OS Command Injection via a crafted package.json file.

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in lifion-verify-deps

SUMMARY

The lifion-verify-deps npm package allows OS Command Injection via a crafted package.json file.

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Command Injection in docker-tester

CVE SCORE

Page

Summary

docker-tester allows command injection via a crafted docker-compose file.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command Injection in docker-tester

SUMMARY

docker-tester allows command injection via a crafted docker-compose file.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Gnuplot Command Injection in gnu-plot

CVE SCORE

Page

Summary

Gnuplot Command Injection in gnu-plot through the `set()`, `plot()`, and `splot()` functions

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Gnuplot Command Injection in gnu-plot

SUMMARY

Gnuplot Command Injection in gnu-plot through the `set()`, `plot()`, and `splot()` functions

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

OS Command Injection in plotter

CVE SCORE

Page

Summary

OS Command Injection in plotter through the `plot()` function

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

OS Command Injection in plotter

SUMMARY

OS Command Injection in plotter through the `plot()` function

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

28 Apr 2021

CVE ID

N/A

Name

Gnuplot Command Injection in plotframes

CVE SCORE

Page

Summary

Gnuplot Command Injection in plotframes through the `plotScript()` function

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Gnuplot Command Injection in plotframes

SUMMARY

Gnuplot Command Injection in plotframes through the `plotScript()` function

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

27 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in the ssl-utils NPM package

CVE SCORE

Page

Summary

All versions of the ssl-utils Node.js package are vulnerable to command injection via the createCertRequest() and createCert() methods.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in the ssl-utils NPM package

SUMMARY

All versions of the ssl-utils Node.js package are vulnerable to command injection via the createCertRequest() and createCert() methods.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

27 Apr 2021

CVE ID

N/A

Name

Command Injection in azure-gs

CVE SCORE

Page

Summary

Command Injection in azure-gs through the `exec()` function

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Command Injection in azure-gs

SUMMARY

Command Injection in azure-gs through the `exec()` function

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Date

26 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in the google-it NPM package

CVE SCORE

Page

Summary

Remote command injection vulnerability in google-it up to version 1.6.2

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in the google-it NPM package

SUMMARY

Remote command injection vulnerability in google-it up to version 1.6.2

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

26 Apr 2021

CVE ID

N/A

Name

Remote code execution vulnerability in reqwest

CVE SCORE

Page

Summary

When receiving a response from a server with 'Content-Type: javascript' reqwest will automatically eval the content.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Remote code execution vulnerability in reqwest

SUMMARY

When receiving a response from a server with 'Content-Type: javascript' reqwest will automatically eval the content.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

26 Apr 2021

CVE ID

CVE-2021-31896

Name

Command injection vulnerability in curl-ganteng

CVE SCORE

Page

Summary

The curl function in curl-ganteng has a command injection vulnerability. In case the input is untrusted RCE can be achieved.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in curl-ganteng

SUMMARY

The curl function in curl-ganteng has a command injection vulnerability. In case the input is untrusted RCE can be achieved.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

26 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in the gitsome NPM package

CVE SCORE

Page

Summary

gitsome through 0.2.3 is vulnerable to RCE via crafted git tag names.

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in the gitsome NPM package

SUMMARY

gitsome through 0.2.3 is vulnerable to RCE via crafted git tag names.

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

26 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in the proctree NPM package

CVE SCORE

Page

Summary

All versions of the proctree Node.js package are vulnerable to command injection. Exploitation is possible via unsanitized shell metacharacters provided to the getProcessTree() function.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in the proctree NPM package

SUMMARY

All versions of the proctree Node.js package are vulnerable to command injection. Exploitation is possible via unsanitized shell metacharacters provided to the getProcessTree() function.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

26 Apr 2021

CVE ID

N/A

Name

OS Command Injection in ebook

CVE SCORE

Page

Summary

OS Command Injection in ebook through the `Pandoc()` and `KindleGen()` functions

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

OS Command Injection in ebook

SUMMARY

OS Command Injection in ebook through the `Pandoc()` and `KindleGen()` functions

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

25 Apr 2021

CVE ID

N/A

Name

Command injection vulnerability in s3-uploader

CVE SCORE

Page

Summary

The latest version of s3-uploader is vulnerable to command injection via the getMetadata() function.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in s3-uploader

SUMMARY

The latest version of s3-uploader is vulnerable to command injection via the getMetadata() function.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

23 Mar 2021

CVE ID

CVE-2021-29300

Name

Command injection vulnerability in @ronomon/opened

CVE SCORE

Page

Summary

The opened @ronomon/opened library up to 1.5.1, a node api used for checking if a certain file is opened on a system, is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in @ronomon/opened

SUMMARY

The opened @ronomon/opened library up to 1.5.1, a node api used for checking if a certain file is opened on a system, is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

28 Feb 2021

CVE ID

CVE-2021-26539

Name

Validation Bypass in sanitize-html using IDN

CVE SCORE

Page

Summary

sanitize-html does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname validation.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Validation Bypass in sanitize-html using IDN

SUMMARY

sanitize-html does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname validation.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

28 Feb 2021

CVE ID

CVE-2021-26540

Name

Validation Bypass in sanitize-html using protocol relative URLs

CVE SCORE

Page

Summary

Apostrophe Technologies sanitize-html does not properly validate the hostnames set by the allowedIframeHostnames option when the allowIframeRelativeUrls is set to true.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Validation Bypass in sanitize-html using protocol relative URLs

SUMMARY

Apostrophe Technologies sanitize-html does not properly validate the hostnames set by the allowedIframeHostnames option when the allowIframeRelativeUrls is set to true.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

18 Feb 2021

CVE ID

CVE-2021-27515

Name

Hostname spoofing in url-parse

CVE SCORE

Page

Summary

url-parse before 1.5.0 parses URLs with backslash in the protocol as relative path, such as `http:/`

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Hostname spoofing in url-parse

SUMMARY

url-parse before 1.5.0 parses URLs with backslash in the protocol as relative path, such as `http:/`

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Date

13 Feb 2021

CVE ID

CVE-2021-27516

Name

Hostname spoofing in urijs

CVE SCORE

Page

Summary

urijs before 1.19.6 parses URLs with backslash in the protocol as relative path, e.g.`http:/`

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

Hostname spoofing in urijs

SUMMARY

urijs before 1.19.6 parses URLs with backslash in the protocol as relative path, e.g.`http:/`

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Date

10 Feb 2021

CVE ID

CVE-2021-27191

Name

Denial of Service in get-ip-range package

CVE SCORE

Page

Summary

DoS vulnerability in get-ip-range before 4.0.0 passing a large ip-range could result in JavaScript heap out of memory crash

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Page

FULL VULNERABILITY NAME

Denial of Service in get-ip-range package

SUMMARY

DoS vulnerability in get-ip-range before 4.0.0 passing a large ip-range could result in JavaScript heap out of memory crash

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Date

9 Feb 2021

CVE ID

CVE-2020-28997

Name

Local File Inclusion vulnerabilities in Pixel Caffeine Wordpress plugin

CVE SCORE

Page

Summary

LFI vulnerabilities in Pixel Caffeine Wordpress plugin, by leveraging the LFI into an XSS, RCE could be achieved.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Local File Inclusion vulnerabilities in Pixel Caffeine Wordpress plugin

SUMMARY

LFI vulnerabilities in Pixel Caffeine Wordpress plugin, by leveraging the LFI into an XSS, RCE could be achieved.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: None

Date

9 Feb 2021

CVE ID

CVE-2021-27185

Name

Command injection vulnerability in samba-client

CVE SCORE

Page

Summary

The samba-client library for NodeJS before version 4.0.0 suffers from a command injection vulnerability. In the cases that this library is used in a project where the connection parameters may be defined by untrusted input, a malicious actor will be able to use this to inject malicious commands in the server hosting the Node JS application.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in samba-client

SUMMARY

The samba-client library for NodeJS before version 4.0.0 suffers from a command injection vulnerability. In the cases that this library is used in a project where the connection parameters may be defined by untrusted input, a malicious actor will be able to use this to inject malicious commands in the server hosting the Node JS application.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

1 Feb 2021

CVE ID

CVE-2021-23980

Name

Mutation XSS in Mozilla-bleach using comments

CVE SCORE

Page

Summary

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with svg/math, p/br, one of the RCDATA tags, and comments allowed.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Mutation XSS in Mozilla-bleach using comments

SUMMARY

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with svg/math, p/br, one of the RCDATA tags, and comments allowed.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

21 Jan 2021

CVE ID

CVE-2021-26276

Name

Command injection vulnerability in the config-shield NPM package

CVE SCORE

Page

Summary

When using config-shield in CLI mode, malicious code could be executed when passed through the 'set' command.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Command injection vulnerability in the config-shield NPM package

SUMMARY

When using config-shield in CLI mode, malicious code could be executed when passed through the 'set' command.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Date

21 Jan 2021

CVE ID

CVE-2021-26275

Name

Command injection vulnerability in the eslint-fixer NPM package

CVE SCORE

Page

Summary

All versions of eslint-fixer Node.js package are vulnerable to command injection. Exploitation is possible via unsanitized shell metacharacters provided to the fix() function.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in the eslint-fixer NPM package

SUMMARY

All versions of eslint-fixer Node.js package are vulnerable to command injection. Exploitation is possible via unsanitized shell metacharacters provided to the fix() function.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

20 Jan 2021

CVE ID

CVE-2021-3190

Name

Command injection vulnerability in async-git

CVE SCORE

Page

Summary

The async-git npm package allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in async-git

SUMMARY

The async-git npm package allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

14 Jan 2021

CVE ID

CVE-2021-3133

Name

CSRF in Elementor-Contact-Form-DB wordpress plugin

CVE SCORE

Page

Summary

CSRF in the settings page of Elementor-Contact-Form-DB wordpress plugin

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

CSRF in Elementor-Contact-Form-DB wordpress plugin

SUMMARY

CSRF in the settings page of Elementor-Contact-Form-DB wordpress plugin

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

11 Jan 2021

CVE ID

CVE-2021-23326

Name

Command injection vulnerability in @graphql-tools/git-loader

CVE SCORE

Page

Summary

The loadFromGit function in index.cjs.js has a command injection vulnerability. Clients of the library are unlikely to be aware of this, so they might unwittingly write code that contains.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in @graphql-tools/git-loader

SUMMARY

The loadFromGit function in index.cjs.js has a command injection vulnerability. Clients of the library are unlikely to be aware of this, so they might unwittingly write code that contains.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

6 Jan 2021

CVE ID

CVE-2020-35774

Name

Stored XSS via /histogram endpoint in twitter-server

CVE SCORE

Page

Summary

In Twitter-server before 21.12.0, a reflected XSS exists in the administration panel of twitter-server in the histograms component.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored XSS via /histogram endpoint in twitter-server

SUMMARY

In Twitter-server before 21.12.0, a reflected XSS exists in the administration panel of twitter-server in the histograms component.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

6 Jan 2021

CVE ID

CVE-2021-26541

Name

Command injection vulnerability in gitlog

CVE SCORE

Page

Summary

The gitlog function in src/index.ts has a command injection vulnerability. Clients of the gitlog library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Command injection vulnerability in gitlog

SUMMARY

The gitlog function in src/index.ts has a command injection vulnerability. Clients of the gitlog library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

23 Dec 2020

CVE ID

CVE-2020-35773

Name

RCE via site-offline wordpress plugin

CVE SCORE

Page

Summary

CSRF and XSS vulnerabilities in site-offline resulting in an RCE

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

RCE via site-offline wordpress plugin

SUMMARY

CSRF and XSS vulnerabilities in site-offline resulting in an RCE

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Date

17 Dec 2020

CVE ID

CVE-2020-26275

Name

Open redirect in Jupyter server

CVE SCORE

Page

Summary

Open redirect vulnerability in Jupyter server via the /login?next= path

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Open redirect in Jupyter server

SUMMARY

Open redirect vulnerability in Jupyter server via the /login?next= path

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

8 Dec 2020

CVE ID

CVE-2020-35135

Name

CSRF in ultimate-category-excluder wordpress plugin

CVE SCORE

Page

Summary

CSRF in the settings page of ultimate-category-excluder wordpress plugin

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

CSRF in ultimate-category-excluder wordpress plugin

SUMMARY

CSRF in the settings page of ultimate-category-excluder wordpress plugin

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

2 Dec 2020

CVE ID

CVE-2020-13669

Name

XSS in Drupal core's built-in CKEditor image caption functionality

CVE SCORE

Page

Summary

Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

XSS in Drupal core's built-in CKEditor image caption functionality

SUMMARY

Drupal core's built-in CKEditor image caption functionality is vulnerable to XSS.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

30 Nov 2020

CVE ID

CVE-2020-28996

Name

CSRF and Reflected XSS in PowerPress Wordpress plugin

CVE SCORE

Page

Summary

Reflected XSS and CSRF in Powerpress Wordpress plugin admin page, which can result in an RCE

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

CSRF and Reflected XSS in PowerPress Wordpress plugin

SUMMARY

Reflected XSS and CSRF in Powerpress Wordpress plugin admin page, which can result in an RCE

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: None

Date

27 Nov 2020

CVE ID

CVE-2020-27783

Name

Mutation Cross-Site Scripting in lxml

CVE SCORE

Page

Summary

lxml utilize parser that doesn't imitate browsers, versions before 4.6.2 are vulnerable to mutation XSS.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Mutation Cross-Site Scripting in lxml

SUMMARY

lxml utilize parser that doesn't imitate browsers, versions before 4.6.2 are vulnerable to mutation XSS.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

19 Nov 2020

CVE ID

CVE-2020-13663

Name

Reflected DOM-based XSS in Drupal Core

CVE SCORE

Page

Summary

A reflected DOM-based XSS was identified in Drupal Core, which allows an attacker to craft a web-page that would send a request to the`edit node` or `add node` endpoint and will be reflected in the victim's browser.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Reflected DOM-based XSS in Drupal Core

SUMMARY

A reflected DOM-based XSS was identified in Drupal Core, which allows an attacker to craft a web-page that would send a request to the`edit node` or `add node` endpoint and will be reflected in the victim's browser.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

18 Nov 2020

CVE ID

N/A

Name

Reintroduced ReDoS in debug

CVE SCORE

Page

Summary

Reintroduced ReDoS vulnerabilty (CVE-2017-16137) in debug from version 4.0.0 up to 4.3.0

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Reintroduced ReDoS in debug

SUMMARY

Reintroduced ReDoS vulnerabilty (CVE-2017-16137) in debug from version 4.0.0 up to 4.3.0

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Low

Date

17 Nov 2020

CVE ID

CVE-2020-13942

Name

Remote Code Execution in Apache Unomi using `MVEL` and `OGNL` expressions

CVE SCORE

Page

Summary

In Apache Unomi before 1.5.2 is vulnerable to a remote code execution vulnerability by sending malicious requests with MVEL an OGNL expressions.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Remote Code Execution in Apache Unomi using `MVEL` and `OGNL` expressions

SUMMARY

In Apache Unomi before 1.5.2 is vulnerable to a remote code execution vulnerability by sending malicious requests with MVEL an OGNL expressions.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

16 Nov 2020

CVE ID

CVE-2020-28995

Name

Reflected XSS in Paid Memberships Pro Wordpress plugin

CVE SCORE

Page

Summary

Reflected XSS on an admin page in Paid Memberships Pro, which can potentially result in an RCE

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Reflected XSS in Paid Memberships Pro Wordpress plugin

SUMMARY

Reflected XSS on an admin page in Paid Memberships Pro, which can potentially result in an RCE

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: None

Date

8 Nov 2020

CVE ID

CVE-2020-15275

Name

XSS in MoinMoin when uploading a SVG file with malicious javascript code in its content

CVE SCORE

Page

Summary

MoinMoin before 1.9.11 is vulnerable to an XSS attack, by uploading a SVG file that contains malicious javascript code.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Page

FULL VULNERABILITY NAME

XSS in MoinMoin when uploading a SVG file with malicious javascript code in its content

SUMMARY

MoinMoin before 1.9.11 is vulnerable to an XSS attack, by uploading a SVG file that contains malicious javascript code.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

Date

10 Oct 2020

CVE ID

CVE-2020-26935

Name

SQL Injection in phpMyAdmin

CVE SCORE

Page

Summary

SQL Injection in phpMyAdmin through `SearchController`

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

SQL Injection in phpMyAdmin

SUMMARY

SQL Injection in phpMyAdmin through `SearchController`

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

20 Aug 2020

CVE ID

CVE-2020-14042

Name

Stored XSS via folder name in Codiad

CVE SCORE

Page

Summary

Stored XSS in the folder name variable in Codiad

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Stored XSS via folder name in Codiad

SUMMARY

Stored XSS in the folder name variable in Codiad

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

20 Aug 2020

CVE ID

CVE-2020-14043

Name

Codiad CSRF in the plugin request

CVE SCORE

Page

Summary

CSRF vulnerability in the marketplace plugin download request

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Codiad CSRF in the plugin request

SUMMARY

CSRF vulnerability in the marketplace plugin download request

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

20 Aug 2020

CVE ID

CVE-2020-14044

Name

Codiad SSRF when installing a plugin

CVE SCORE

Page

Summary

SSRF vulnerability when installing a plugin causing arbitrary file download

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Codiad SSRF when installing a plugin

SUMMARY

SSRF vulnerability when installing a plugin causing arbitrary file download

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

22 Apr 2020

CVE ID

CVE-2020-7598

Name

Prototype Pollution vulnerability in Minimist

CVE SCORE

Page

Summary

Minist before version 1.2.3 or 0.2.1 is vulnerable to prototupe pollution because the arguments are not properly sanitized.

Properties

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

Prototype Pollution vulnerability in Minimist

SUMMARY

Minist before version 1.2.3 or 0.2.1 is vulnerable to prototupe pollution because the arguments are not properly sanitized.

PROPERTIES

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Date

17 Mar 2020

CVE ID

CVE-2020-6816

Name

Mutation XSS in Mozilla-bleach via svg or math

CVE SCORE

Page

Summary

In Mozilla Bleach before 3.1.2, a mutation XSS affects users calling bleach.clean with svg or math and a style tags allowed.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Mutation XSS in Mozilla-bleach via svg or math

SUMMARY

In Mozilla Bleach before 3.1.2, a mutation XSS affects users calling bleach.clean with svg or math and a style tags allowed.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

25 Feb 2020

CVE ID

CVE-2020-6802

Name

Mutation XSS in Mozilla-bleach via noscript

CVE SCORE

Page

Summary

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Mutation XSS in Mozilla-bleach via noscript

SUMMARY

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

16 Feb 2020

CVE ID

N/A

Name

Open redirect in macaron/i18n

CVE SCORE

Page

Summary

Open redirect vulnerability in the GoLang package i18n via double slash.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Open redirect in macaron/i18n

SUMMARY

Open redirect vulnerability in the GoLang package i18n via double slash.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

10 Feb 2020

CVE ID

CVE-2019-17564

Name

Unsafe deserialization in Apache Dubbo

CVE SCORE

Page

Summary

Unsafe deserialization vulnerability in Apache Dubbo which has HTTP remoting enabled, could allow to trigger remote code execution with no authentication.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Page

FULL VULNERABILITY NAME

Unsafe deserialization in Apache Dubbo

SUMMARY

Unsafe deserialization vulnerability in Apache Dubbo which has HTTP remoting enabled, could allow to trigger remote code execution with no authentication.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Date

26 Sep 2019

CVE ID

N/A

Name

OS command execution vulnerability in Commander.js

CVE SCORE

Page

Summary

With a given a permission to write and set permissions on a file in the same working directory as the application, an attacker could run arbitrary command on the server

Properties

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Page

FULL VULNERABILITY NAME

OS command execution vulnerability in Commander.js

SUMMARY

With a given a permission to write and set permissions on a file in the same working directory as the application, an attacker could run arbitrary command on the server

PROPERTIES

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Date

31 Jan 2019

CVE ID

N/A

Name

Open redirect in gitea/blog

CVE SCORE

Page

Summary

Open redirect vulnerability in the GoLang package i18n via double slash - '//'

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Open redirect in gitea/blog

SUMMARY

Open redirect vulnerability in the GoLang package i18n via double slash - '//'

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

31 Jan 2019

CVE ID

CVE-2019-3826

Name

DOM XSS in Prometheus

CVE SCORE

Page

Summary

DOM XSS in the stored history field of Prometheus

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

DOM XSS in Prometheus

SUMMARY

DOM XSS in the stored history field of Prometheus

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

13 Dec 2017

CVE ID

CVE-2016-10703

Name

Denial of Service (DoS) vulnerability in ecstatic npm package

CVE SCORE

Page

Summary

A Denial of Service (DoS) vulnerability in the file ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Page

FULL VULNERABILITY NAME

Denial of Service (DoS) vulnerability in ecstatic npm package

SUMMARY

A Denial of Service (DoS) vulnerability in the file ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Date

17 Nov 2017

CVE ID

CVE-2017-14077

Name

HTML injection in Securimage

CVE SCORE

Page

Summary

An HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

HTML injection in Securimage

SUMMARY

An HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Date

18 May 2016

CVE ID

CVE-2016-10510

Name

Cross-Site Scripting in Kohana PHP

CVE SCORE

Page

Summary

A Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary JavaScript by bypassing the strip_image_tags protection mechanism

Properties

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Page

FULL VULNERABILITY NAME

Cross-Site Scripting in Kohana PHP

SUMMARY

A Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary JavaScript by bypassing the strip_image_tags protection mechanism

PROPERTIES

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Stay connected and never miss a research update!

Contact us