96 matches found
Design/Logic Flaw
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
CVE-2022-32430
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
CVE-2022-32430
Lin CMS Spring Boot v0.2.1 has an access control flaw that allows unauthenticated attackers to access backend information and functions. The nuclei template and Red Hat/GHSA entries describe a hardcoded/default JWT token scenario enabling unauthorized access, potentially compromising backend admi...
PT-2022-21318 · Unknown · Lin-Cms Springboot
Name of the Vulnerable Software and Affected Versions: Lin CMS Spring Boot version 0.2.1 Description: An access control issue allows attackers to access the backend information and functions within the application. Recommendations: For Lin CMS Spring Boot version 0.2.1, consider restricting acces...
Lin CMS Spring Boot 安全漏洞
Lin CMS Spring Boot is a SpringBoot-based CMS/DMS/Management System development framework from the team at TaleLin. A security vulnerability exists in Lin CMS Spring Boot version v0.2.1, which can be exploited by an attacker to access back-end information and functionality within an application...
GHSA-RVF8-C35M-8289 Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...
GHSA-H6R2-PGVX-683C Lin-CMS-Flask vulnerable to Improper Authentication
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component app/api/cms/user.py...
Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...
Lin-CMS-Flask vulnerable to Improper Authentication
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component app/api/cms/user.py...
TaleLin Lin-CMS-Flask Access Control Error Vulnerability
TaleLin Lin-CMS-Flask is a content management system framework. an access control error vulnerability exists in TaleLin Lin-CMS-Flask, stemming from incorrect access control in Lin-CMS-Flask v0.1.1, which could be exploited by an attacker to obtain sensitive information and/or because the...
lin-cms-flask has an unspecified vulnerability
lin-cms-flask is a content management system framework. lin-cms-flask version 0.1.1 contains a security vulnerability that can be exploited by remote attackers to brute force login via the "login" function in the component "app/api/cms/user.py"...
TaleLin Lin-CMS-Flask has an unspecified vulnerability
A security vulnerability exists in TaleLin Lin-CMS-Flask, a content management system framework, due to cross-site scripting XSS in Lin-CMS-Flask, which can be exploited by remote attackers to execute arbitrary code by entering a script in the Username parameter to execute arbitrary code...
CVE-2020-18699
Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...
CVE-2020-18698
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...
CVE-2020-18699
Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...
CVE-2020-18698
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...
Improper access control
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...
PYSEC-2021-340
Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...