93 matches found
PYSEC-2024-123
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...
CVE-2024-1240 Open Redirection in pyload/pyload
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...
CVE-2024-1240
The CVE-2024-1240 entry applies to pyload/pyload 0.5.0, where the login flow mishandles the next parameter, enabling an open redirect to attacker-controlled sites (phishing risk). The issue is mitigated by upgrading to pyload-ng 0.5.0b3.dev79 or later. Connected documents confirm the vulnerable c...
PT-2024-33493 · Umbrel · Umbrel
Name of the Vulnerable Software and Affected Versions: Umbrel versions prior to 1.2.2. Description: The login functionality of Umbrel contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the...
Cross Site Scripting (XSS)
OpenC3 COSMOS is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the login functionality, which allows an attacker to inject malicious scripts while sending commands to and receiving data from embedded systems...
PYSEC-2024-100
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...
CVE-2024-43795 OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...
CVE-2024-8168
The CVE-2024-8168 issue affects code-projects Online Bus Reservation Site 1.0, specifically a SQL injection in the login.php file via the Username parameter. The vulnerability is exploitable remotely and has been disclosed publicly. Multiple connected sources (Red Hat, NVD, CVE list, CNVD/CNNVD, ...
CVE-2024-25977
CVE-2024-25977 corresponds to a session-fixation vulnerability in the HAWKI interface (HAWK Digital Environments). The issue arises because the application does not change the session token on login/logout, allowing an attacker to set a victim’s token (e.g., via XSS) and prompt login, resulting i...
CVE-2024-25977 Session Fixation
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser e.g. via XSS and prompt the victim to log in e.g. via a redirect to the login page. This results in the victim's account being taken over...
CVE-2024-1927 SourceCodester Web-Based Student Clearance System login.php sql injection
A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql injection. The attack can be launched...
PT-2024-17951 · Microsoft · Office 365
Name of the Vulnerable Software and Affected Versions: Office 365 (affected versions not specified). Description: The issue affects login functionality in a zero-trust environment. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerabilit...
CVE-2023-38871
Commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer have a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...
CVE-2023-30458
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of t...
PT-2023-22703 · Unknown · Medicine Tracker System
Name of the Vulnerable Software and Affected Versions: Medicine Tracker System version 1.0. Description: A username enumeration issue was discovered in the login functionality, allowing a malicious user to guess a valid username due to a different response time from invalid usernames. When a valid...
CVE-2023-30458
Summary: Medicine Tracker System 1.0 suffers a username enumeration in its login function: valid usernames leak via longer response times tied to password length. Impact: potential credential discovery over network with no direct exploitation details in the provided documents. Remediation (suppor...
PT-2023-8558 · Sourcecodester · Simple Customer Relationship Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Customer Relationship Management System version 1.0. Description: The issue is related to the lack of protection against SQL query structure attacks in the php-scrm/login.php component of the Simple Customer Relationship...
Siemens Desigo PXC and DXR Devices Improper Restriction of Excessive Authentication Attempts (CVE-2022-24044)
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures...