PT-2025-15329 · Vivotek · Vivotek Nvr Nd8422P +2
Name of the Vulnerable Software and Affected Versions: Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P versions 2.4.0.204/3.3.0.104/4.2.0.101 Description: A vulnerability was found in the HTML Form Handler component of Vivotek NVR devices. The manipulation leads to the inclusion of sensitive...
CVE-2024-8428
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...
PT-2024-25274 · Sourcecodester · Sourcecodester Airline Ticket Reservation System
Name of the Vulnerable Software and Affected Versions: SourceCodester Airline Ticket Reservation System version 1.0 Description: A critical issue affects the processing of the file activate jet details form handler.php, where the manipulation of the jet id argument leads to sql injection. The...
PT-2023-18381 · Dream Technology · Mica
Name of the Vulnerable Software and Affected Versions: Dream Technology mica versions up to 3.0.5 Description: A problematic issue has been identified, affecting an unknown function of the component Form Object Handler. This issue leads to cross site scripting and can be exploited remotely...
CVE-2022-4766
A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a i...
CVE-2022-4766 dolibarr_project_timesheet Form cross-site request forgery
A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a i...
dolibarr_project_timesheet cross-site request forgery vulnerability
dolibarr_project_timesheet is a Dolibarr project timesheet view by individual developer Patrick Delcroix. A cross-site request forgery vulnerability exists in dolibarr_project_timesheet versions prior to 4.5.6.a. The vulnerability stems from an issue with unknown code in the component Form Handler, whi...
PT-2022-28080 · Unknown · Dolibarr Project Timesheet
Name of the Vulnerable Software and Affected Versions: dolibarr project timesheet versions up to 4.5.5 Description: A vulnerability was found in the Form Handler component, leading to cross-site request forgery. The attack can be initiated remotely. Recommendations: For versions up to 4.5.5,...
Missing permission check in Jenkins Static Analysis Utilities Plugin
A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users...
CVE-2019-10308
A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users...
Default configuration
A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users...