📦 Metersphere

This SQL injection vulnerability in MeterSphere allows attackers to execute arbitrary SQL commands through the sortField parameter in API endpoints. This could lead to data theft, modification, or del...

Metersphere v1.20.20-lts-79d354a6 contains a remote command execution vulnerability in the custom code snippet function of the system workbench. Attackers can execute arbitrary system commands, potent...

This vulnerability allows any user to download any file from the MeterSphere testing platform without authentication. It affects all MeterSphere users running vulnerable versions, potentially exposing...

MeterSphere versions before 1.10.1-lts contain a stored cross-site scripting (XSS) vulnerability in the step editor. This allows attackers to inject malicious scripts that execute in users' browsers w...