14 matches found
CVE-2026-6419
The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...
CVE-2024-37776
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...
CVE-2020-11983
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...
The vulnerability of the Admin Screens and Grants UI components of the Oracle Workflow system allows a malicious individual to gain read access to data or to modify, add, or delete data.
The vulnerability of the Admin Screens and Grants UI component of the Oracle Workflow system relates to improper storage of permissions. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or to modify, add, or delete data through HTTP requests...
CVE-2025-21541
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Admin Screens and Grants UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow...
CVE-2024-37776
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...
PT-2024-27744 · Sunbird Dcim · Dctrack
Name of the Vulnerable Software and Affected Versions: Sunbird DCIM dcTrack version 9.1.2. Description: A Cross-Site Request Forgery (CSRF) issue allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens. This can...
Sunbird DCIM dcTrack security vulnerability
Sunbird DCIM dcTrack is an asset monitoring management software from Sunbird DCIM. A security vulnerability exists in Sunbird DCIM dcTrack version v9.1.2, which stems from the presence of a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web script or HTML via ...
The vulnerability of the Admin Screens and Grants UI components in the Oracle Workflow system, a task management system for enterprise automation in Oracle E-Business Suite, allows a perpetrator to execute arbitrary code.
The vulnerability of the Admin Screens and Grants UI components in the Oracle Workflow system, a component of the Oracle E-Business Suite for enterprise automation, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to...
elecom lan authorization issue vulnerability
elecom lan routers are routers from Elecom Japan. An access control error vulnerability exists in elecom lan routers, which can be exploited by an attacker to bypass access restrictions and gain access to the product's administration screens via an unspecified vector...
Multiple stored XSS in RBAC Admin screens in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...
GHSA-Q4P3-QW5C-MHPC Multiple stored XSS in RBAC Admin screens in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...
PYSEC-2020-17
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks...
PT-2020-12966 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 1.10.10 and below. Description: An issue was discovered in the admin management screens of the new/RBAC UI, where escaping was handled incorrectly. This allowed authenticated users with appropriate permissions to create...