16 matches found
CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...
CVE-2026-22914
An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation...
CVE-2026-22914
An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation...
CVE-2023-25195
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3...
Security Bulletin: Terraform state versions can be created by users with specific permissions without sufficient write access
Summary Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or is auto-applied. This...
CVE-2025-13432
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...
CVE-2025-47699
Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...
CVE-2023-45809 Disclosure of user names via admin bulk action views in wagtail
Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...
FreeBSD : py-wagtail -- stored XSS vulnerability (17efbe19-4e72-426a-8016-2b4e001c1378)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 17efbe19-4e72-426a-8016-2b4e001c1378 advisory. - Wagtail is an open source content management system built on Django. Starting in version 1.5 and prio...
GHSA-5286-F2RF-35C2 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
Impact A stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform...
Cross site scripting
Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...
CVE-2023-28836 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...
CVE-2023-28836 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...
FreeBSD : Wagtail -- XSS vulnerability (8d85d600-84a9-11ea-97b9-08002728f74c)
Wagtail release notes : CVE-2020-11001: Possible XSS attack via page revision comparison view This release addresses a cross-site scripting XSS vulnerability on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail...
Cross site scripting
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting XSS vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...
PYSEC-2020-152
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting XSS vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...