The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2021-31865 | Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. | MEDIUM | Apr 28, 2021 |
CVE-2021-42326 | Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. | MEDIUM | Oct 12, 2021 |
CVE-2023-47258 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter. | -- | Nov 6, 2023 |
CVE-2023-47259 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. | -- | Nov 6, 2023 |
CVE-2023-47260 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails. | -- | Nov 6, 2023 |
CVE-2022-44637 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user. | -- | Dec 12, 2022 |
CVE-2022-44031 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. | -- | Dec 12, 2022 |
CVE-2024-31442 | Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being run by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch. | -- | Apr 8, 2024 |
CVE-2023-39619 | ReDoS in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component. | -- | Oct 25, 2023 |
CVE-2022-42124 | ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype. | -- | Nov 18, 2022 |
CVE-2020-22429 | redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs. | -- | May 4, 2023 |
CVE-2023-24619 | Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12. | -- | Feb 13, 2023 |
CVE-2023-50976 | Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. | -- | Dec 18, 2023 |
CVE-2023-33243 | RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash. | -- | Jun 15, 2023 |
CVE-2019-12890 | RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call. | HIGH | Jun 24, 2019 |
CVE-2022-39303 | Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Java's PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds. | -- | Oct 14, 2022 |
CVE-2022-39302 | Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as Better-Audit-Logging which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds. | -- | Oct 14, 2022 |
CVE-2017-16188 | reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. | MEDIUM | Jun 6, 2018 |
CVE-2020-7659 | reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks. Note: This project is deprecated, and is not maintained any more. | MEDIUM | Jun 2, 2020 |
CVE-2023-41708 | References to the app loader functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strictly to avoid relative references. No publicly available exploits are known. | -- | Feb 16, 2024 |
CVE-2019-7341 | Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | Medium | Feb 5, 2019 |
CVE-2019-7343 | Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | Medium | Feb 5, 2019 |
CVE-2023-4093 | Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user. | -- | Sep 19, 2023 |
CVE-2017-7421 | Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. | MEDIUM | Aug 21, 2017 |
CVE-2017-7422 | Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default. | LOW | Aug 21, 2017 |
CVE-2020-8194 | Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. | MEDIUM | Jul 10, 2020 |
CVE-2018-19644 | Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | -- | Mar 29, 2019 |
CVE-2022-27505 | Reflected cross site scripting (XSS) | MEDIUM | Apr 13, 2022 |
CVE-2019-7337 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. | Low | Feb 5, 2019 |
CVE-2019-7332 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. | Medium | Feb 5, 2019 |
CVE-2019-7333 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted. | Medium | Feb 5, 2019 |
CVE-2019-7334 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted. | Medium | Feb 5, 2019 |
CVE-2019-7349 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | Medium | Feb 5, 2019 |
CVE-2019-7327 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. | Medium | Feb 5, 2019 |
CVE-2019-7328 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. | Medium | Feb 5, 2019 |
CVE-2019-7330 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. | Medium | Feb 5, 2019 |
CVE-2019-7325 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. | Medium | Feb 4, 2019 |
CVE-2019-7329 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. | Medium | Feb 5, 2019 |
CVE-2023-25292 | Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. | -- | Apr 27, 2023 |
CVE-2019-15501 | Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | MEDIUM | Aug 28, 2019 |
CVE-2021-45425 | Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript code. | MEDIUM | Dec 28, 2021 |
CVE-2023-33731 | Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the URL directly. | -- | Jun 2, 2023 |
CVE-2022-34879 | Reflected Cross Site Scripting (XSS) vulnerabilities in the AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | MEDIUM | Jul 5, 2022 |
CVE-2023-50569 | Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php. | -- | Dec 24, 2023 |
CVE-2021-22528 | Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | LOW | Sep 13, 2021 |
CVE-2022-26325 | Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 | MEDIUM | May 3, 2022 |
CVE-2024-30883 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function. | -- | Apr 11, 2024 |
CVE-2024-30879 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function. | -- | Apr 11, 2024 |
CVE-2024-30880 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function. | -- | Apr 11, 2024 |
CVE-2023-49469 | Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function. | -- | Dec 28, 2023 |