PYSEC-2021-355
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
Combodo iTop Access Control Error Vulnerability
Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. Combodo iTop 2.8.0 version of the previous security...
CVE-2020-4079
Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have...
CVE-2020-4079
CVE-2020-4079 affects Combodo iTop prior to 2.7.2 and 2.8.0 where the ajax endpoint for the Excel export portal could be accessed directly, bypassing scope filtering and exposing data to users who should not have access. Root cause: missing access control on the Excel export data retrieval. Impac...
CVE-2020-4079 Information disclosure vulnerability in iTop
Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have...
PT-2021-12113 · Comodo +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2 Combodo iTop versions prior to 2.8.0 Description: The issue allows a user to access data they should not have access to by calling the ajax endpoint for the "excel export" portal functionality directly,...
Combodo iTop Information Disclosure Vulnerability
Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. Combodo iTop 2.8.0 version of the previous security...
PHPOffice PhpSpreadsheet Cross-Site Scripting Vulnerability
PHPOffice PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. A security vulnerability exists in version 0.0.0 of phpoffice/phpspreadsheet, which originates from the affected package phpoffice phpspreadsheet from 0.0.0. The library is susceptible to XSS attacks when creatin...
CVE-2020-25170 B. Braun OnlineSuite
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...
CA PPM Cross-Site Scripting Vulnerability
CA PPM is a suite of project and portfolio management software from CA USA. The software includes features such as task management, project planning, financial reporting management and resource management. A cross-site scripting vulnerability exists in the gridExcelExport feature in CA PPM, which...
Fedora 16 : phpMyAdmin-3.4.5-1.fc16 (2011-12905)
Changes for 3.4.5.0 2011-09-14 : - interface Page list in navigation frame looks odd - interface Error div misplaced - interface Comment on a column breaks inline editing - display Order by a column in a view doesn't work in some cases - interface Add missing space to server status - core Remove...
Security update 1970-01-01
...