CVE-2021-47925

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...

EUVD-2021-34787

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...

CVE-2021-47925

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...

CVE-2021-47925 CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...

CVE-2021-47925

CMDBuild 3.3.2 is affected by multiple stored cross-site scripting (XSS) vulnerabilities. The issue involves authenticated attackers injecting arbitrary web script or HTML via crafted input in card creation and file upload endpoints. XSS payloads can be injected through Employee card parameters o...

CVE-2021-47925 CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...

PT-2026-39501

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...

CMDBuild 跨站脚本漏洞

CMDBuild is an open-source web-based enterprise environment for configuring custom applications for asset management. Version 3.3.2 of CMDBuild contains a cross-site scripting vulnerability. This vulnerability stems from multiple stored-cross-site scripting vulnerabilities, allowing authenticated...

EUVD-2022-30181

Malicious code in bioql PyPI...

CVE-2022-25518

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...

anima-pull2load (>=1.0.1 <=1.0.3), bem-register (>=1.0.0 <=1.0.5) +11 more potentially affected by CVE-2024-51091 via seajs (>=1.2.1 <=2.2.1)

seajs NPM version =1.2.1, =1.0.1, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.1, =0.0.1, =1.0.7, =0.9.11, =1.1.0, =1.1.3 Source cves: CVE-2024-51091 Source advisory: OSV:GHSA-PFR4-4397-3HG8...

CVE-2022-25518

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...

CVE-2022-25518

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...

CVE-2022-25518

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...

Default credentials

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...

CVE-2022-25518

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...

CVE-2022-25518

CMDBuild versions 3.0–3.3.2 store payload requests in a temporary log table, enabling users with database access to read passwords of logged-in users. This vulnerability is documented across multiple sources (NVD, RH, CVE list) and affects CMDBuild’s login/password handling via the log table. Exp...

CMDBuild 日志信息泄露漏洞

CMDBuild is an open source web enterprise environment for configuring custom applications for asset management. A security vulnerability exists in CMDBuild versions 3.0 through 3.3.2, which stems from the fact that payload requests for CMDBuild versions 3.0 through 3.3.2 are stored in a temporary...

CMDBuild 3.3.2 Cross Site Scripting

Exploit Title: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting XSS Date: 15/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.cmdbuild.org Software Link: https://www.cmdbuild.org/en/download/latest-version Version: CMDBuild 3.3.2 Tested on: Linux Summary: Multiple stored cross-sit...

CMDBuild 3.3.2 - &#039;Multiple&#039; Cross Site Scripting (XSS)

Exploit Title: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting XSS Date: 15/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.cmdbuild.org Software Link: https://www.cmdbuild.org/en/download/latest-version Version: CMDBuild 3.3.2 Tested on: Linux Summary: Multiple stored cross-sit...