Show filters
863 Total Results
Displaying 31-40 of 863
Sort by:
Attacker Value
Unknown

CVE-2024-11885

Disclosure Date: December 24, 2024 (last updated January 05, 2025)
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtele_button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-56356

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-56355

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-56354

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-56353

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-56352

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-56351

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-56350

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-56349

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-56348

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  < Previous  Next >