PT-2024-35101 · Humhub · Humhub
Name of the Vulnerable Software and Affected Versions: HumHub versions through 1.16.2. Description: The issue affects HumHub, allowing excavation through user enumeration due to an observable response discrepancy. This discrepancy can lead to the generation of error messages containing sensitive...
Humhub 1.3.13 Shell Upload
Title: Humhub v1.3.13 Unrestricted File Upload Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Humhub 1.3.13 Directory Traversal
Title: Humhub v1.3.13 Directory traversal Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 67.032-bit |...
Password Reset Poisoning
Description: HumHub uses the HTTP Host header in a password reset request to generate the password reset link that is sent to the user in an email without any filters or checks. This allows an attacker to craft a password reset request using a manipulated host header, resulting in reset-token...
Insufficient Session Expiration
Description: Existing sessions are not invalidated after a password change. Proof of Concept: Steps to reproduce: 1. Log in to HumHub. 2. Do the same in another browser or a private window, such that there are two different active sessions. 3. Update the user's password in either of the two sessions ...
HumHub Cross-Site Scripting Vulnerability (CNVD-2022-82657)
HumHub is open source social networking software built on the Yii PHP framework. HumHub suffers from a cross-site scripting vulnerability that could be exploited by attackers to insert malicious JavaScript into the space name...
CVE-2022-31133
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and...
Cross site scripting
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and...
CVE-2022-31133 Cross site scripting in HumHub
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and...
CVE-2022-31133
HumHub (open source social network) contains a stored XSS in space names when a user with Spaces admin privileges creates or visits a space with an unescaped name. The vulnerability arises because space names are not properly escaped, enabling malicious JavaScript injection that could affect visi...
HumHub Cross-Site Scripting Vulnerability
HumHub is open source social networking software built on the Yii PHP framework. HumHub suffers from a cross-site scripting vulnerability that could be exploited by attackers to insert malicious JavaScript into the space name...
HumHub Cross-Site Scripting Vulnerability (CNVD-2022-82658)
HumHub is open source social networking software built on the Yii PHP framework. HumHub suffers from a cross-site scripting vulnerability that stems from a component's lack of data filtering and escaping, which can be exploited by attackers to cause cross-site scripting...
HumHub Cross-Site Scripting Vulnerability (CNVD-2022-82659)
HumHub is open source social networking software built on the Yii PHP framework. HumHub suffers from a cross-site scripting vulnerability that stems from a component's lack of data filtering and escaping, which can be exploited by attackers to cause cross-site scripting...
HumHub has an unspecified vulnerability (CNVD-2022-82660)
HumHub is open source social networking software built on the Yii PHP framework. HumHub has a security vulnerability that could be exploited by attackers to escalate privileges...
CVE-2017-20028
A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. It is recommended to...
CVE-2017-20027
A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to DOM-based cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to...
CVE-2017-20026
A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to reflected cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be...