36 matches found
Bonita BPM Portal <6.5.3 - Local File Inclusion
Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. id: CVE-2015-3897 info: name: Bonita BPM Portal 6.5.3 - Local File Inclusion author: 0xAkoko severity:...
EUVD-2023-0573
Malicious code in bioql PyPI...
CVE-2024-26542
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field...
CVE-2024-28087
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not customizable...
CVE-2020-36640
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external...
Bonitasoft Runtime Community edition contains an insecure direct object reference vulnerability
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not customizable...
GHSA-76V2-48W6-CRXR Bonitasoft Runtime Community edition contains an insecure direct object reference vulnerability
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not customizable...
CVE-2024-28087
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not customizable...
CVE-2024-28087
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not customizable...
CVE-2024-28087
The CVE describes an Insecure Direct Object Reference (IDOR) affecting Bonitasoft runtime Community edition. The root cause is the absence of dynamic permissions, whereas dynamic permissions existed only in the Subscription edition and have now been restored in Community edition but are not custo...
Bonitasoft Security Vulnerability
Bonitasoft is an open source BPM software from Bonitasoft. Bonitasoft has a security vulnerability that stems from a lack of dynamic permissions, which leads to an IDOR vulnerability...
PT-2024-22255 · Bonitasoft · Bonitasoft Runtime Community Edition
Name of the Vulnerable Software and Affected Versions: Bonitasoft runtime Community edition affected versions not specified Description: The issue is related to the lack of dynamic permissions in the Community edition of Bonitasoft runtime, which causes an Insecure Direct Object Reference IDOR...
CVE-2024-28087
In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not customizable...
Bonitasoft Bonita Web Security Vulnerability
Bonitasoft Bonita Web is an open source business process management and low-code development platform for the Bonitasoft community. A security vulnerability exists in Bonitasoft Bonita Web versions prior to 2023.2-u2, which stems from a stored cross-site scripting attack that is allowed via a UI...
CVE-2024-26542
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field...
CVE-2024-26542
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field...
Cross site scripting
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field...
PT-2024-21418 · Bonitasoft · Bonitasoft
Name of the Vulnerable Software and Affected Versions: Bonitasoft, S.A versions prior to 7.14.8 Bonitasoft, S.A versions prior to 7.15.7 Bonitasoft, S.A versions prior to 8.0.3 Bonitasoft, S.A versions prior to 9.0.2 Description: The issue allows attackers to execute arbitrary code via a crafted...
CVE-2024-26542
Bonitasoft S.A. has a Cross-Site Scripting vulnerability (CVE-2024-26542) in the Groups Display name field. The flaw affects versions prior to 7.14.8, 7.15.7, 8.0.3, and 9.0.2, with remediation by upgrading to 7.14.8, 7.15.7, 8.0.3, or 9.0.2 respectively. The issue allows attackers to execute arb...
CVE-2024-26542
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field...