173 matches found
CVE-2024-42898
A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page...
PT-2025-2637 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI version 2024R1.1.4 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. This enables attackers t...
PT-2024-37833 · 2100 Technology · Electronic Official Document Management System
Name of the Vulnerable Software and Affected Versions: Electronic Official Document Management System from 2100 TECHNOLOGY (affected versions not specified) Description: The issue concerns improper implementation of access control in the system, allowing remote attackers with regular privileges to...
CVE-2024-27711
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sign-up process function in the account settings...
eSkooly Security Vulnerabilities
eSkooly is a free online school management software from eSkooly, Inc. A security vulnerability exists in eSkooly 3.0 and prior versions, which originates from a remote attacker being able to elevate privileges via the Sign-up process feature in the account settings...
PT-2024-22003 · Unknown · Eskooly Free Online School Management
Name of the Vulnerable Software and Affected Versions: Eskooly Free Online School management Software versions 3.0 and earlier Description: The issue allows a remote attacker to escalate privileges via the sign-up process function in the account settings. Recommendations: For versions 3.0 and...
CVE-2024-37765
Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page...
Machform Security Vulnerabilities
Machform is an online questionnaire program. A security vulnerability exists in Machform version 19 and prior versions that originates from an authenticated blind SQL injection in the user account settings page...
MAL-2024-1722 Malicious code in account-settings (npm)
False positive caused by problematic ingestion...
Dropbox Discloses Breach of Digital Signature Service Affecting All Users
Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign formerly HelloSign was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with th...
Hospital Management System 1.0 Cross Site Scripting
Exploit Title: Hospital Management System - Stored XSS Google Dork: N/A Application: Hospital Management System Date: 27.02.2024 Bugs: Stored XSS Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Liferay Portal and Liferay DXP Security Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
GHSA-XQ4R-4XFH-VCH8 Liferay Portal and Liferay DXP vulnerable to theft of hashed password
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password...
Default credentials
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password...
CVE-2024-26270
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password...
OpenReplay Security Vulnerabilities
OpenReplay is a developer-friendly, self-hosted session replay tool. A security vulnerability exists in OpenReplay version 1.14.0 and prior releases that stems from a lack of validation of the Name field in Account Settings, which allows an attacker to send an email with HTML injection code to a victim...
Malicious code in @zettle-bo/account-settings (npm)
Source: ghsa-malware b17c84d8882d13329dffcb79f072da64a52b32b63fb3e8ba5a30daaec4e69a57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...