GitLab 13.3 Design Feature cross site scripting

A vulnerability, which was classified as problematic, was found in GitLab 13.3 (Bug Tracking Software). Affected is an unknown part of the component Design Feature. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-4315 : PARISNEO LOLLMS UP TO 9.7 SANITIZE_PATH_FROM_ENDPOINT FILENAME CONTROL

CVE-2024-4315 : PARISNEO LOLLMS UP TO 9.7 SANITIZE_PATH_FROM_ENDPOINT FILENAME CONTROL

Description parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function

CVE-2024-36454 : FSAS TECHNOLOGIES IPCOM EX2/IPCOM VE2 UP TO V01L07NF0201 PACKET UNINITIALIZED RESOURCE

CVE-2024-36454 : FSAS TECHNOLOGIES IPCOM EX2/IPCOM VE2 UP TO V01L07NF0201 PACKET UNINITIALIZED RESOURCE

Description Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series

CVE-2024-34762 : WPENGINE ADVANCED CUSTOM FIELDS PRO PLUGIN UP TO 6.2.9 ON WORDPRESS PATH TRAVERSAL

CVE-2024-34762 : WPENGINE ADVANCED CUSTOM FIELDS PRO PLUGIN UP TO 6.2.9 ON WORDPRESS PATH TRAVERSAL

Description Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)