Lucene search
K

96 matches found

Prion
Prion
added 2022/07/21 4:15 p.m.12 views

Design/Logic Flaw

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...

5CVSS7.4AI score0.03634EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/07/21 3:52 p.m.23 views

CVE-2022-32430

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...

7.6AI score0.03634EPSS
Exploits1References2
CVE
CVE
added 2022/07/21 3:52 p.m.104 views

CVE-2022-32430

Lin CMS Spring Boot v0.2.1 has an access control flaw that allows unauthenticated attackers to access backend information and functions. The nuclei template and Red Hat/GHSA entries describe a hardcoded/default JWT token scenario enabling unauthorized access, potentially compromising backend admi...

7.5CVSS7.3AI score0.03634EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/21 12:0 a.m.3 views

PT-2022-21318 · Unknown · Lin-Cms Springboot

Name of the Vulnerable Software and Affected Versions: Lin CMS Spring Boot version 0.2.1 Description: An access control issue allows attackers to access the backend information and functions within the application. Recommendations: For Lin CMS Spring Boot version 0.2.1, consider restricting acces...

7.5CVSS7.4AI score0.03634EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/07/21 12:0 a.m.5 views

Lin CMS Spring Boot 安全漏洞

Lin CMS Spring Boot is a SpringBoot-based CMS/DMS/Management System development framework from the team at TaleLin. A security vulnerability exists in Lin CMS Spring Boot version v0.2.1, which can be exploited by an attacker to access back-end information and functionality within an application...

7.5CVSS7.3AI score0.03634EPSS
Exploits1References3
OSV
OSV
added 2022/05/24 7:11 p.m.11 views

GHSA-RVF8-C35M-8289 Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...

6.1CVSS6.2AI score0.0127EPSS
Exploits1References4
OSV
OSV
added 2022/05/24 7:11 p.m.5 views

GHSA-H6R2-PGVX-683C Lin-CMS-Flask vulnerable to Improper Authentication

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component app/api/cms/user.py...

9.8CVSS9.5AI score0.02026EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/24 7:11 p.m.19 views

Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...

6.1CVSS6.7AI score0.0127EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:11 p.m.24 views

Lin-CMS-Flask vulnerable to Improper Authentication

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component app/api/cms/user.py...

9.8CVSS7.2AI score0.02026EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2021/08/18 12:0 a.m.16 views

TaleLin Lin-CMS-Flask Access Control Error Vulnerability

TaleLin Lin-CMS-Flask is a content management system framework. an access control error vulnerability exists in TaleLin Lin-CMS-Flask, stemming from incorrect access control in Lin-CMS-Flask v0.1.1, which could be exploited by an attacker to obtain sensitive information and/or because the...

9.8CVSS3.8AI score0.02277EPSS
Exploits1References1
CNVD
CNVD
added 2021/08/18 12:0 a.m.21 views

lin-cms-flask has an unspecified vulnerability

lin-cms-flask is a content management system framework. lin-cms-flask version 0.1.1 contains a security vulnerability that can be exploited by remote attackers to brute force login via the "login" function in the component "app/api/cms/user.py"...

9.8CVSS5.3AI score0.02026EPSS
Exploits1References1
CNVD
CNVD
added 2021/08/18 12:0 a.m.16 views

TaleLin Lin-CMS-Flask has an unspecified vulnerability

A security vulnerability exists in TaleLin Lin-CMS-Flask, a content management system framework, due to cross-site scripting XSS in Lin-CMS-Flask, which can be exploited by remote attackers to execute arbitrary code by entering a script in the Username parameter to execute arbitrary code...

6.1CVSS4.7AI score0.0127EPSS
Exploits1References1
NVD
NVD
added 2021/08/16 6:15 p.m.23 views

CVE-2020-18699

Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...

6.1CVSS0.0127EPSS
Exploits1References1
NVD
NVD
added 2021/08/16 6:15 p.m.34 views

CVE-2020-18698

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...

9.8CVSS0.02026EPSS
Exploits1References2
NVD
NVD
added 2021/08/16 6:15 p.m.11 views

CVE-2020-18701

Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...

9.8CVSS0.02277EPSS
Exploits1References2
OSV
OSV
added 2021/08/16 6:15 p.m.3 views

CVE-2020-18701

Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2021/08/16 6:15 p.m.5 views

CVE-2020-18699

Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...

6.1CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2021/08/16 6:15 p.m.8 views

CVE-2020-18698

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...

9.8CVSS7.3AI score0.02026EPSS
Exploits1References2
Prion
Prion
added 2021/08/16 6:15 p.m.13 views

Improper access control

Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...

7.5CVSS9.3AI score0.02277EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/08/16 6:15 p.m.35 views

PYSEC-2021-340

Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...

6.1CVSS6.2AI score0.0127EPSS
Exploits1References2
Rows per page
Query Builder