Design/Logic Flaw
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...
CVE-2023-49339
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint...
Ellucian Security Breach
Ellucian is Ellucian's open and flexible technology ecosystem supporting SaaS. A security vulnerability exists in Ellucian Banner version 9.17 and earlier, which stems from an insecure direct object reference (IDOR) vulnerability in the endpoint /StudentSelfService/ssb/studentCard/retrieveData...
CVE-2023-49339
CVE-2023-49339 affects Ellucian Banner 9.17 (and earlier per sources) with an Insecure Direct Object Reference (IDOR) via a modified bannerId to /StudentSelfService/ssb/studentCard/retrieveData. Root cause: IDOR enabling potential unauthorized data access; CVSS 3.1 base score 6.5 (MEDIUM) with Co...
CVE-2023-47022
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...
Input validation
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...
Input validation
The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...
CVE-2024-0366
The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...
CVE-2023-6983
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible fo...
CVE-2024-0366 Starbox – the Author Box for Humans <= 3.4.7 - Insecure Direct Object Reference
The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...
CVE-2024-0366
CVE-2024-0366 affects WordPress plugin Starbox – the Author Box for Humans. It is an Insecure Direct Object Reference (IDOR) via an action function caused by missing validation on a user-controlled key, affecting all versions up to 3.4.7. Impact: subscribers could view plugin preferences and pote...
CVE-2023-6983 Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible fo...
CVE-2023-6983
CVE-2023-6983 affects the WordPress plugin “Display custom fields in the frontend – Post and User Profile Fields”. It is an insecure direct object reference (IDOR) in the vg_display_data shortcode caused by missing validation on a user-controlled key, enabling authenticated attackers with contrib...