143 matches found
CVE-2025-56423
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
CVE-2025-60914
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...
CVE-2025-60916
A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...
CVE-2025-60915
An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...
CVE-2025-60917
A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...
EUVD-2025-198895
A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...
EUVD-2025-198896
An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...
EUVD-2025-198892
A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...
EUVD-2025-198803
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
EUVD-2025-198802
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...
CVE-2025-60917
A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...
CVE-2025-60914
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...
CVE-2025-60916
A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...
CVE-2025-60915
An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...
CVE-2025-56423
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
CVE-2025-60915
CVE-2025-60915 affects Austrian Openatlas: an issue in the size query parameter of /views/file.py allows path traversal with a crafted request in versions before v8.12.0. Impact is access to restricted paths; remediation is upgrading to v8.12.0 or later (no exploitation details provided in the do...
CVE-2025-56423
CVE-2025-56423 affects OpenAtlas v8.12.0 from the Austrian Academy of Sciences. A login error message handling flaw can disclose sensitive information to remote attackers, exposing confidentiality. Connected sources (Red Hat, EU ENISA, OSV, NVD, CVE listing) corroborate the issue description but ...
CVE-2025-60914
CVE-2025-60914 describes an access-control flaw in the Austrian Archaeological Institute Openatlas prior to version 8.12.0, where a crafted GET request to the path /display_logo can disclose sensitive information. The affected product is Openatlas (by the Austrian Archaeological Institute). The u...
CVE-2025-60916
CVE-2025-60916 is a reflected XSS vulnerability in Austrian OpenAtlas. The issue affects the /overview/network/ endpoint prior to OpenAtlas v8.12.0, where an attacker can inject a crafted payload into the charge parameter to execute arbitrary JavaScript in a user’s browser. The Red Hat/EU ENISA/O...
CVE-2025-60917
CVE-2025-60917 is a reflected XSS in Austrian Archaeological Institute Openatlas prior to v8.12.0, discovered via the /overview/network/ endpoint where an attacker injects a payload into the color parameter to run code in a user’s browser. The vulnerability arises from unvalidated/reflected input...