Lucene search
+L

344 matches found

Snyk
Snyk
added 2025/06/24 6:42 p.m.3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via an anonymously accessible endpoint that reveals details about configured password requirements. An attacker can gain insight into password policy information...

6.9CVSS6.9AI score0.00289EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 11:43 a.m.7 views

CVE-2025-24012

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 conta...

5.4CVSS5.9AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:40 a.m.12 views

CVE-2024-45278

SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...

5.4CVSS6AI score0.00245EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.12 views

CVE-2024-34071

Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in versions 8.18.14,...

6.1CVSS6.7AI score0.00375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:55 a.m.4 views

CVE-2024-35218

Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting XSS enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in versions 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementi...

4.8CVSS6.1AI score0.0035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.11 views

CVE-2023-38694

Umbraco is an ASP.NET content management system CMS. Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain ...

5.4CVSS6.7AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:56 p.m.11 views

CVE-2022-32118

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the dispatchcategory parameter in backoffice.inc.php...

6.1CVSS6.2AI score0.01084EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.5 views

CVE-2020-6302

SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session...

8.1CVSS6.8AI score0.00805EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.7 views

CVE-2019-13957

In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter...

9.8CVSS8.2AI score0.01361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:24 a.m.13 views

CVE-2005-3397

Cross-site scripting XSS vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersusbackofficesupportError.asp. NOTE: the comersusbackofficemessage.asp/message vector is already covered by CVE-2005-2191 item 2...

4.3CVSS5.8AI score0.01394EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:37 p.m.9 views

CVE-2005-3285

Cross-site scripting XSS vulnerability in comersusbackofficesearchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the 1 forwardTo1, 2 forwardTo2, 3 nameFT1, or 4 nameFT2 parameters...

4.3CVSS5.9AI score0.01861EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:8 p.m.8 views

CVE-1999-0372

The installer for BackOffice Server includes account names and passwords in a setup file reboot.ini which is not deleted...

2.1CVSS7AI score0.04549EPSS
Exploits0References1
NVD
NVD
added 2025/05/20 1:15 p.m.13 views

CVE-2025-40635

SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint...

9.3CVSS0.0029EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/20 12:51 p.m.8 views

CVE-2025-40635 SQL injection at Comerzzia

SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint...

9.3CVSS7.8AI score0.0029EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/20 12:51 p.m.27 views

CVE-2025-40635 SQL injection at Comerzzia

SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint...

9.3CVSS0.0029EPSS
Exploits0References1
CVE
CVE
added 2025/05/20 12:51 p.m.51 views

CVE-2025-40635

CVE-2025-40635 affects Comerzzia Backoffice: Sales Orchestrator 3.0.15. A SQL injection in /comerzzia/login via uidActivity, codCompany, and uidInstance can expose full database access (retrieve, create, update, delete). Base score 9.3 (CRITICAL) per CVSS v4.0; network attack, no authentication, ...

9.3CVSS7.5AI score0.0029EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.5 views

Comerzzia Backoffice SQL注入漏洞

Comerzzia Backoffice is a modular retail platform from Comerzzia. A SQL injection vulnerability exists in Comerzzia Backoffice version 3.0.15, which stems from unfiltered uidActivity, codCompany, and uidInstance parameters, and could lead to SQL injection attacks...

9.3CVSS7.8AI score0.0029EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/20 12:0 a.m.7 views

PT-2025-22133 · Unknown · Comerzzia Backoffice: Sales Orchestrator

Name of the Vulnerable Software and Affected Versions: Comerzzia Backoffice: Sales Orchestrator version 3.0.15 Description: The issue allows an attacker to retrieve, create, update, and delete databases via the uidActivity, codCompany, and uidInstance parameters of the "/comerzzia/login" endpoint...

9.3CVSS6.2AI score0.0029EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/12 11:25 a.m.2 views

Malicious code in odin-backoffice-starter-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2982abf6f95afddda54146444463c8334c7677ea0b5d8fb203c536dc54470188 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Veracode
Veracode
added 2025/03/17 5:1 p.m.16 views

Incorrect Authorization

Umbraco.Cms.Web.Backoffice is vulnerable to Incorrect Authorization. The vulnerability is due to improper access control due to manipulation of backoffice API URLs, allowing authenticated users to retrieve or delete restricted content...

6.4CVSS6.6AI score0.0028EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder