Search criteria
12 vulnerabilities found for bedita by bedita
FKIE_CVE-2019-15570
Vulnerability from fkie_nvd - Published: 2019-08-26 15:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/bedita/bedita/pull/1608 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bedita/bedita/pull/1608 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bedita:bedita:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C31ED5A9-BCFB-46A4-B2F2-F8C9CA6666F4",
"versionEndIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "EE3F5980-ECB6-47E4-9CD1-C222397976AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "59802BEC-8D2C-4C5D-94EE-CCF3B774A84E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "988F6CF0-CA2B-4579-AE24-562C5E3E0ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "842670BA-D131-4CE8-A337-4015AC56A03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "0B452E98-3646-4E77-AD96-C3ACEF0EB66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1A16289C-B048-41CF-9B86-964E3F3798F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters."
},
{
"lang": "es",
"value": "BEdita versiones hasta 4.0.0-RC2, permite la inyecci\u00f3n SQL durante una operaci\u00f3n de guardar para una relaci\u00f3n con los par\u00e1metros."
}
],
"id": "CVE-2019-15570",
"lastModified": "2024-11-21T04:29:02.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-26T15:15:12.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/pull/1608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/pull/1608"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-9260
Vulnerability from fkie_nvd - Published: 2018-07-05 02:29 - Updated: 2024-11-21 02:40
Severity ?
Summary
An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/bedita/bedita/issues/755#issuecomment-148036760 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/bedita/bedita/releases/tag/v3.7.0 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/cybersecurityworks/Disclosed/issues/8 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bedita/bedita/issues/755#issuecomment-148036760 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bedita/bedita/releases/tag/v3.7.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cybersecurityworks/Disclosed/issues/8 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bedita:bedita:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40F3AE2B-CA3A-43C7-9A3B-808027038969",
"versionEndExcluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en versiones anteriores a la 3.7.0 de BEdita. Ocurre un ataque Cross-Site Scripting (XSS) mediante un URI pages/showObjects, tal y como queda demostrado adjuntando una carga \u00fatil a un URI pages/showObjects/2/0/0/leafs."
}
],
"id": "CVE-2015-9260",
"lastModified": "2024-11-21T02:40:10.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-05T02:29:00.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-6809
Vulnerability from fkie_nvd - Published: 2015-09-04 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bedita:bedita:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6C54E-5A65-409F-B76F-4A95B120AF99",
"versionEndIncluding": "3.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en BEdita en versiones anteriores a 3.6.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) cfg[projectName] en index.php/admin/saveConfig, (2) data[stats_provider_url] en index.php/areas/saveArea o (3) data[description] en index.php/areas/saveSection."
}
],
"id": "CVE-2015-6809",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-09-04T15:59:06.417",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/38051/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/38051/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1040
Vulnerability from fkie_nvd - Published: 2015-01-15 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bedita:bedita:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36E335ED-B8BA-470D-9C81-B1264325C8E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) \"note text\" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en el backend adiministrativo en BEdita 3.4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s (1) del campo lrealname en el formulario editProfile en index.php/home/profile; del campo (2) data[title] o (3) data[description] en el formulario addQuickItem en index.php; del campo (4) \u0027note text\u0027 en el formulario saveNote en index.php/areas; o del campo (5) titleBEObject o (6) tagsArea en el formulario updateForm en index.php/documents/view."
}
],
"id": "CVE-2015-1040",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-01-15T15:59:28.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/71949"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/71949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/bedita/bedita/issues/566"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-15570 (GCVE-0-2019-15570)
Vulnerability from cvelistv5 – Published: 2019-08-26 14:29 – Updated: 2024-08-05 00:49
VLAI?
Summary
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/pull/1608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-26T14:29:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bedita/bedita/pull/1608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bedita/bedita/pull/1608",
"refsource": "MISC",
"url": "https://github.com/bedita/bedita/pull/1608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15570",
"datePublished": "2019-08-26T14:29:04",
"dateReserved": "2019-08-25T00:00:00",
"dateUpdated": "2024-08-05T00:49:13.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9260 (GCVE-0-2015-9260)
Vulnerability from cvelistv5 – Published: 2018-07-05 02:00 – Updated: 2024-08-06 08:43
VLAI?
Summary
An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:43:42.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T21:05:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bedita/bedita/releases/tag/v3.7.0",
"refsource": "MISC",
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"name": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760",
"refsource": "MISC",
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"name": "https://github.com/cybersecurityworks/Disclosed/issues/8",
"refsource": "MISC",
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"name": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html",
"refsource": "MISC",
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9260",
"datePublished": "2018-07-05T02:00:00",
"dateReserved": "2018-07-04T00:00:00",
"dateUpdated": "2024-08-06T08:43:42.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6809 (GCVE-0-2015-6809)
Vulnerability from cvelistv5 – Published: 2015-09-04 15:00 – Updated: 2024-09-16 23:45
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:24.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"name": "38051",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38051/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-09-04T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"name": "38051",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38051/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bedita/bedita/issues/623",
"refsource": "CONFIRM",
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"name": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website",
"refsource": "CONFIRM",
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"name": "38051",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38051/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6809",
"datePublished": "2015-09-04T15:00:00Z",
"dateReserved": "2015-09-04T00:00:00Z",
"dateUpdated": "2024-09-16T23:45:43.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1040 (GCVE-0-2015-1040)
Vulnerability from cvelistv5 – Published: 2015-01-15 15:00 – Updated: 2024-08-06 04:33
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150108 Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"name": "[oss-security] 20150111 Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"name": "71949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) \"note text\" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-15T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150108 Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"name": "[oss-security] 20150111 Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"name": "71949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) \"note text\" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150108 Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"name": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"name": "[oss-security] 20150111 Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"name": "https://github.com/bedita/bedita/issues/566",
"refsource": "CONFIRM",
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"name": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"name": "71949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1040",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-11T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15570 (GCVE-0-2019-15570)
Vulnerability from nvd – Published: 2019-08-26 14:29 – Updated: 2024-08-05 00:49
VLAI?
Summary
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/pull/1608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-26T14:29:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bedita/bedita/pull/1608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bedita/bedita/pull/1608",
"refsource": "MISC",
"url": "https://github.com/bedita/bedita/pull/1608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15570",
"datePublished": "2019-08-26T14:29:04",
"dateReserved": "2019-08-25T00:00:00",
"dateUpdated": "2024-08-05T00:49:13.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9260 (GCVE-0-2015-9260)
Vulnerability from nvd – Published: 2018-07-05 02:00 – Updated: 2024-08-06 08:43
VLAI?
Summary
An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:43:42.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T21:05:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bedita/bedita/releases/tag/v3.7.0",
"refsource": "MISC",
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"name": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760",
"refsource": "MISC",
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"name": "https://github.com/cybersecurityworks/Disclosed/issues/8",
"refsource": "MISC",
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"name": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html",
"refsource": "MISC",
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9260",
"datePublished": "2018-07-05T02:00:00",
"dateReserved": "2018-07-04T00:00:00",
"dateUpdated": "2024-08-06T08:43:42.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6809 (GCVE-0-2015-6809)
Vulnerability from nvd – Published: 2015-09-04 15:00 – Updated: 2024-09-16 23:45
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:24.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"name": "38051",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38051/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-09-04T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"name": "38051",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38051/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bedita/bedita/issues/623",
"refsource": "CONFIRM",
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"name": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website",
"refsource": "CONFIRM",
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"name": "38051",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38051/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6809",
"datePublished": "2015-09-04T15:00:00Z",
"dateReserved": "2015-09-04T00:00:00Z",
"dateUpdated": "2024-09-16T23:45:43.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1040 (GCVE-0-2015-1040)
Vulnerability from nvd – Published: 2015-01-15 15:00 – Updated: 2024-08-06 04:33
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150108 Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"name": "[oss-security] 20150111 Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"name": "71949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) \"note text\" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-15T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150108 Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"name": "[oss-security] 20150111 Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"name": "71949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) \"note text\" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150108 Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"name": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"name": "[oss-security] 20150111 Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"name": "https://github.com/bedita/bedita/issues/566",
"refsource": "CONFIRM",
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"name": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"name": "71949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1040",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-11T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}