2125 matches found
verbb/formie Server-Side Template Injection for variable-enabled settings
Impact Users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This is listed as low-medium severity due to...
GHSA-V45M-HXQP-FWF5 verbb/formie Server-Side Template Injection for variable-enabled settings
Impact Users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This is listed as low-medium severity due to...
CVE-2024-34090
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting XSS vulnerability. The login banner in the Archer Control Panel ACP did not previously escape content appropriately. 6.14 P3 6.14.0.3 is also a fixed release...
CVE-2024-34090
CVE-2024-34090 affects Archer Platform 6 prior to 2024.04. The vulnerability is a stored cross-site scripting (XSS) flaw in the Archer Control Panel (ACP) login banner, where content was not properly escaped. This could allow an attacker with access to the ACP to inject and render malicious scrip...
GHSA-Q7G6-XFH2-VHPX phpMyFAQ stored Cross-site Scripting at user email
Summary The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript...
CVE-2024-27300
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...
CVE-2024-27300 phpMyFAQ Stored XSS at user email
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTERVALIDATEEMAIL function, which only validates the email format, not...
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, fully database-driven Frequently Asked Questions FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ, which stems from the email field in the phpMyFAQ User Control Panel page being vulnerable to a stored cross-site scripti...
KLA65243 PE vulnerability in Microsoft Apps
An elevation of privilege vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2024-28916 Exploitation Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details. Related...
KLA65129 Multiple vulnerabilities in Microsoft Apps
Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Skype for Consumer can be...
Huawei HarmonyOS and EMUI suffer from denial of service vulnerabilities (CNVD-2024-31076)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Control Panel. An attacker can obtain sensitive user information by enumerating user screen names and accessing the page's title. Remediation Upgrade...
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...
Insertion of Sensitive Information Into Sent Data
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Control Panel. An attacker can obtain sensitive user information by enumerating user screen names and...
GHSA-4585-28V2-8H46 Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...
CVE-2024-25604
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...
Design/Logic Flaw
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...
CVE-2024-25604
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...
CVE-2024-25604
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...
CVE-2024-25604
CVE-2024-25604 affects Liferay Portal 7.2.0–7.4.3.4 and Liferay DXP 7.4.13, 7.3 before SP3, 7.2 before FP17 (and older unsupported versions), where the system does not properly enforce permissions. Specifically, remote authenticated users with the VIEW permission can edit their own permissions vi...