11 matches found
CVE-2026-43712
creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:42+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:59+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:43+00:00| seen|...
CVE-2025-43712
JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLEUSER. By manipulating the authorities...
@iurra/chickpea-stew (>=0.3.0 <=0.3.7), @joaopaulomfe/generator-jhipster-agile-kip (>=0.1.0 <=0.1.1) +176 more potentially affected by CVE-2025-43712 via generator-jhipster (>=2.25.0 <=9.1.0)
generator-jhipster NPM version =2.25.0, =0.3.0, =0.1.0, =0.0.7, =0.0.3, =0.0.11, =2.0.13, =0.0.0, =1.0.0, =0.1.0, =0.0.1, =0.0.2 and more Source cves: CVE-2025-43712 Source advisory: SNYK:JS-GENERATORJHIPSTER-11023283...
CVE-2025-43712
JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLEUSER. By manipulating the authorities...
CVE-2025-43712
JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLEUSER. By manipulating the authorities...
CVE-2022-43712
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...
CVE-2024-43712 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a user-controllable source is improperly sanitize...
CVE-2023-43712
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "accesslevelsname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2022-43712
GX Software XperienCentral 10.36.0 and earlier is affected by CVE-2022-22965 (Spring4Shell) via data binding in Spring MVC/WebFlux on Java 9+. An attacker able to reach a vulnerable WAR/deployed app could achieve remote code execution. Root cause: unsafe data binding in Spring Framework modules; ...
CVE-2021-43712
Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field...
CVE-2021-43712
CVE-2021-43712 corresponds to a Stored XSS vulnerability in Sourcecodester’s Employee Daily Task Management System v1.0, occurring in the Add New Employee Form Name field. The incident is described across multiple sources as enabling a remote attacker to inject/store arbitrary code via the Name f...