In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.