CVE-2023-4321 Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3...
Froxlor vulnerable to business logic errors
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22...
Code injection
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0...
CVE-2023-4304
CVE-2023-4304 concerns Froxlor (froxlor/froxlor) with business logic errors in versions prior to 2.0.22 and 2.1.0. Connected documents identify the affected software as Froxlor and describe the issue as a logic/design flaw in the application rather than a low-level vulnerability in a library. Mit...
CVE-2023-4304 Business Logic Errors in froxlor/froxlor
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0...
CVE-2023-4196 Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3...
CVE-2023-4195 PHP Remote File Inclusion in cockpit-hq/cockpit
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3...
CVE-2023-4195
CVE-2023-4195 affects Cockpit (cockpit-hq/cockpit) prior to version 2.6.3. The issue is a PHP Remote File Inclusion vulnerability arising in the Cockpit web interface, enabling remote code execution via crafted PHP include/require operations associated with the system’s file upload utility. Conne...
CVE-2023-4190
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11...
CVE-2023-4190 Insufficient Session Expiration in admidio/admidio
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11...
CVE-2023-4190
CVE-2023-4190 affects admidio/admidio prior to version 4.2.11. The vulnerability is Insufficient Session Expiration, allowing a user session to remain valid after logout and potentially grant unauthorized access to sensitive areas. Remediation: upgrade to Admidio 4.2.11 or later to fix the issue....
Insufficient Session Expiration
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11...
CVE-2023-4189 Cross-site Scripting (XSS) - Reflected in instantsoft/icms2
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4188
CVE-2023-4188 affects instantsoft/icms2. The Red Hat and NVD records, along with linked advisories, confirm a SQL Injection in instantsoft/icms2 prior to 2.16.1-git. The related Huntr entry describes an unauthenticated blind SQL injection in the /tags/autocomplete endpoint (term parameter) with a...
CVE-2023-4188 SQL Injection in instantsoft/icms2
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4187
CVE-2023-4187 affects instantsoft/icms2 prior to 2.16.1-git with stored XSS in content handled by the system. The vulnerability is documented across multiple feeds; a Proof-of-Concept is available (Huntr) showing stored XSS in the admin item title, indicating practical exploitability in a real UI...
CVE-2023-4187 Cross-site Scripting (XSS) - Stored in instantsoft/icms2
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...