9 matches found
CVE-2026-45563 Roxy-WI: IDOR — any authenticated user can read another user's full action history
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...
CVE-2026-22231
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...
CVE-2026-22231
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...
CVE-2026-22231 OPEXUS eCASE Audit Document Check Out stored XSS
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...
CVE-2026-22231 OPEXUS eCASE Audit Document Check Out stored XSS
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...
CVE-2026-22231
OPEXUS eCASE Audit is affected by a stored XSS in the Document Check Out comments. An authenticated attacker can save JavaScript as a comment, which is executed when another user views the Action History Log. Affected product: OPEXUS eCASE Audit (server-side application). Root cause: stored JavaS...
Cloudbees Jenkins Chaos Monkey Plugin Authorization Issue Vulnerability (CNVD-2020-70261)
Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . A security vulnerability exists in...
Design/Logic Flaw
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions...
Cloudbees Jenkins 授权问题漏洞
Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . A security vulnerability exists in...