Lucene search

32 matches found

PyPA
added 2021/09/29 2:15 p.m. · 7 views

PYSEC-2021-355

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...

8.8 CVSS · 6.8 AI score · 0.01051 EPSS
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2021/01/14 12:0 a.m. · 5 views

Combodo iTop Access Control Error Vulnerability

Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. Combodo iTop versions before 2.8.0 have a security...

7.7 CVSS · 6.6 AI score · 0.00861 EPSS
Exploits 0 · References 1

NVD
added 2021/01/12 8:15 p.m. · 24 views

CVE-2020-4079

Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have...

7.7 CVSS · 7.4 AI score · 0.00861 EPSS
Exploits 0 · References 1

CVE
added 2021/01/12 7:20 p.m. · 45 views

CVE-2020-4079

CVE-2020-4079 affects Combodo iTop prior to 2.7.2 and 2.8.0 where the ajax endpoint for the Excel export portal could be accessed directly, bypassing scope filtering and exposing data to users who should not have access. Root cause: missing access control on the Excel export data retrieval. Impac...

7.7 CVSS · 7.4 AI score · 0.00861 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/01/12 7:20 p.m. · 19 views

CVE-2020-4079 Information disclosure vulnerability in iTop

Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have...

7.7 CVSS · 7.5 AI score · 0.00861 EPSS
Exploits 0 · References 1

Positive Technologies
added 2021/01/12 12:0 a.m. · 10 views

PT-2021-12113 · Comodo +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2; Combodo iTop versions prior to 2.8.0.
Description: The issue allows a user to access data they should not have access to by calling the ajax endpoint for the "excel export" portal functionality directly,...

9.8 CVSS · 7.1 AI score · 0.25573 EPSS
Exploits 11 · References 64

CNNVD
added 2021/01/12 12:0 a.m. · 8 views

Combodo iTop Information Disclosure Vulnerability

Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. Combodo iTop versions before 2.8.0 have a security...

7.7 CVSS · 7.1 AI score · 0.00861 EPSS
Exploits 0 · References 2

CNNVD
added 2020/12/09 12:0 a.m. · 7 views

PHPOffice PhpSpreadsheet Cross-Site Scripting Vulnerability

PHPOffice PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. A security vulnerability exists in version 0.0.0 of phpoffice/phpspreadsheet, which originates from the affected package phpoffice phpspreadsheet from 0.0.0. The library is susceptible to XSS attacks when creatin...

7.1 CVSS · 6.8 AI score · 0.01301 EPSS
Exploits 1 · References 4

Cvelist
added 2020/11/06 4:8 p.m. · 24 views

CVE-2020-25170 B. Braun OnlineSuite

An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export...

7.8 AI score · 0.00965 EPSS
Exploits 0 · References 1

CNVD
added 2018/08/31 12:0 a.m. · 4 views

CA PPM Cross-Site Scripting Vulnerability

CA PPM is a suite of project and portfolio management software from CA USA. The software includes features such as task management, project planning, financial reporting management and resource management. A cross-site scripting vulnerability exists in the gridExcelExport feature in CA PPM, which...

6.1 CVSS · 6 AI score · 0.00899 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2011/10/03 12:0 a.m. · 18 views

Fedora 16 : phpMyAdmin-3.4.5-1.fc16 (2011-12905)

Changes for 3.4.5.0 2011-09-14 : - interface Page list in navigation frame looks odd - interface Error div misplaced - interface Comment on a column breaks inline editing - display Order by a column in a view doesn't work in some cases - interface Add missing space to server status - core Remove...

5.4 AI score
Exploits 0 · References 3

Microsoft KB
added 1970/01/01 12:0 a.m. · 4 views

Security update 1970-01-01

...

5.3 AI score
Exploits 0