
51 matches found

CNNVD
added 2023/06/05 12:0 a.m. | 1 view

miniCal cross-site request forgery vulnerability

miniCal is an open source PMS. miniCal version 1.0.0 has a cross-site request forgery vulnerability; attackers can use this vulnerability to forge malicious requests and lure the victim into clicking to perform sensitive operations...

CVSS 6.5 | AI score 6.8 | EPSS 0.00147
Exploits: 1 | References: 3
CNNVD
added 2023/06/05 12:0 a.m. | 2 views

miniCal cross-site scripting vulnerability

miniCal is an open source PMS. miniCal version 1.0.0 has a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a carefully crafted payload...

CVSS 5.4 | AI score 6.2 | EPSS 0.00246
Exploits: 2 | References: 3
CVE
added 2023/06/05 12:0 a.m. | 41 views

CVE-2023-33409

Minical 1.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in the file minical/public/application/controllers/settings/company.php. The issue is described across multiple sources as a CSRF path that could allow an attacker to induce the victim to perform unintended actions wit...

CVSS 6.5 | AI score 6.5 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2023/06/05 12:0 a.m. | 134 views

CVE-2023-33410

CVE-2023-33410 affects Minical 1.0.0 and earlier. The vulnerability stems from insufficient input validation in the Customer Name field of the Accounting module used to construct CSV files, enabling a CSV injection that, per sources, can allow an attacker to execute remote code. Affected versions...

CVSS 8.8 | AI score 8.7 | EPSS 0.00744
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2023/06/05 12:0 a.m. | 2 views

PT-2023-24335 · Minical · Minical

Name of the Vulnerable Software and Affected Versions: Minical version 1.0.0. Description: The issue is related to Cross Site Request Forgery (CSRF) via the minical/public/application/controllers/settings/company.php file. This means an attacker could potentially trick a user into performing...

CVSS 6.5 | AI score 6.9 | EPSS 0.00147
Exploits: 1 | References: 8
Vulnrichment
added 2023/06/05 12:0 a.m. | 7 views

CVE-2023-33409

Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php...

AI score 7.3 | EPSS 0.00147
Exploits: 1 | References: 2
CVE
added 2023/06/05 12:0 a.m. | 39 views

CVE-2023-33408

CVE-2023-33408 affects Minical 1.0.0 with a Cross-Site Scripting (XSS) vulnerability caused by insufficient input validation in security_helper.php. The connected sources (NVD, Red Hat, CNVD/CNNVD, OSV, CVE listing, and others) consistently describe XSS impact; a GitHub exploit entry provides a s...

CVSS 5.4 | AI score 5.2 | EPSS 0.00246
Exploits: 2 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/06/05 12:0 a.m. | 4 views

CVE-2023-33408

Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the securityhelper.php file...

AI score 6.4 | EPSS 0.00246
Exploits: 2 | References: 2
Cvelist
added 2023/06/05 12:0 a.m. | 11 views

CVE-2023-33409

Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php...

AI score 6.8 | EPSS 0.00147
Exploits: 1 | References: 2
Cvelist
added 2023/06/05 12:0 a.m. | 11 views

CVE-2023-33408

Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the securityhelper.php file...

AI score 5.5 | EPSS 0.00246
Exploits: 2 | References: 2
GithubExploit
added 2023/06/02 5:30 a.m. | 3 views

Exploit for Cross-site Scripting in Minical

CVE-2023-33408 Minical 1.0.0 is vulnerable to Stored Cross-Si...

CVSS 5.4 | AI score 5.5 | EPSS 0.00246
Exploits: 2