Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by...

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the c...

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many con...

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker t...

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not ...

An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be...