Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
Overview : An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration. Affected Product(s) : Affects GitLab EE 11.5 and later. GitLab CE versions Vulnerability […]
Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 18.104.22.168
Overview : Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 22.214.171.124 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request. Affected Product(s) : KonaKart Storefront Application prior to 126.96.36.199 Vulnerability Details : CVE ID : […]