Page 104 of 3547 results (0.030 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the "query auto-suggestion" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2. • https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024 https://www.progress.com/sitefinity-cms • CWE-284: Improper Access Control •

CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0

This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/stable/c/b9b17debc69d27cd55e21ee51a5ba7fc50a426cf https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955 https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322 https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834 https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7 https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e • CWE-416: Use After Free •

CVSS: 3.5EPSS: 0%CPEs: -EXPL: 0

An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. • https://github.com/c4v4r0n/Research/blob/main/openemr_BlindSSRF/README.md https://github.com/mpdf/mpdf/issues/867 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: -EPSS: 0%CPEs: -EXPL: 1

SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. • https://github.com/keru6k/CVE-2024-22983 http://projectworlds.com http://visitor.com https://github.com/keru6k/CVE-2024-22983/blob/main/CVE-2024-22983.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •