Exploit

CVE-2021-46387

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Mar 1, 2022 / Updated: 32mo ago

Original release date: March 7, 2022 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info jetbrains -- teamcity In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. 2022-02-25 7.5 CVE-2022-24331 MISC MISC jetbrains -- teamcity In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. 2022-02-25 7.5 CVE-2022-24340 MISC MISC jetbrains -- youtrack JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. 2022-02-25 7.5 CVE-2022-24442 MISC MISC Back to top Medium Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info apache -- airflow It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. 2022-02-25 4.3 CVE-2021-45229 MISC apache -- airflow In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. 2022-02-25 6.5 CVE-2022-24288 MISC apache -- jspwiki Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later. 2022-02-25 6.8 CVE-2022-24947 MISC MLIST apache -- jspwiki A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"} {"ID":"CVE-2024-28255","Info":{"Name":"OpenMetadata - Authentication Bypass","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. An attacker can send a malicious MiB file to trigger this vulnerability.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-47211.yaml"} {"ID":"CVE-2023-47218","Info":{"Name":"QNAP QTS and QuTS Hero - OS Command Injection","Severity":"high","Description":"An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

Auto Generated Templates Checksum [Thu Apr 4 07:48:56 UTC 2024] :robot:

An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6184.yaml"} {"ID":"CVE-2018-6200","Info":{"Name":"vBulletin - Open Redirect","Severity":"medium","Description":"vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4117.yaml"} {"ID":"CVE-2022-4140","Info":{"Name":"WordPress Welcart e-Commerce \u003c2.8.5 - Arbitrary File Access","Severity":"high","Description":"WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access.

Auto Generated Templates Checksum [Thu Apr 4 06:31:49 UTC 2024] :robot:

Auto Generated Templates Checksum [Thu Apr 4 03:57:37 UTC 2024] :robot: