Lucene search
K

25 matches found

Hacker One
Hacker One
added 2025/10/13 6:50 p.m.9 views

Nextcloud: BOLA/IDOR in Out-of-Office API allows any authenticated user to read other users' absence data

Summary The Out-of-Office OOO API endpoints at /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId and /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId/now suffer from a Broken Object Level Authorization BOLA vulnerability. Any authenticated user can retrieve the out-of-office data of any other user by...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-31687

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00881EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-31556

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0037EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/05 12:25 a.m.10 views

CVE-2025-45938

Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting XSS via the Jira fullName parameter...

5.4CVSS5.7AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2025/07/03 3:15 p.m.3 views

CVE-2025-45938

Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting XSS via the Jira fullName parameter...

5.4CVSS5.8AI score0.00201EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/03 12:0 a.m.4 views

Akeles Out of Office Assistant for Jira 安全漏洞

Akeles Out of Office Assistant for Jira is an application from Akeles Singapore for the Jira platform. A security vulnerability exists in Akeles Out of Office Assistant for Jira version 4.0.1, which originates from the Jira fullName parameter and is susceptible to cross-site scripting attacks...

5.4CVSS6AI score0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/03 12:0 a.m.3 views

CVE-2025-45938

Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting XSS via the Jira fullName parameter...

5.8AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 2025/07/03 12:0 a.m.25 views

CVE-2025-45938

The CVE-2025-45938 vulnerability affects Akeles Out of Office Assistant for Jira 4.0.1. The issue is a Cross-Site Scripting (XSS) flaw triggered via the Jira fullName parameter. Documented impact is limited to XSS; no exploitation details are provided in the sources. A remediation note from PT Se...

5.4CVSS5.9AI score0.00201EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/07/03 12:0 a.m.10 views

CVE-2025-45938

Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting XSS via the Jira fullName parameter...

0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.6 views

PT-2025-27806 · Akeles +1 · Akeles Out Of Office Assistant For Jira +1

Name of the Vulnerable Software and Affected Versions: Akeles Out of Office Assistant for Jira version 4.0.1 Description: The issue is related to Cross Site Scripting XSS via the Jira fullName parameter. This allows for potential malicious script execution. No information is provided about the...

6.4CVSS5.7AI score0.00201EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 6:53 p.m.5 views

CVE-2021-44886

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...

5.3CVSS7AI score0.00881EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/14 4:11 a.m.11 views

CVE-2024-33849

ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key...

6.5CVSS6.9AI score0.0037EPSS
Exploits0References1
NVD
NVD
added 2024/05/28 4:15 p.m.16 views

CVE-2024-33849

ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key...

6.5CVSS6.6AI score0.0037EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/28 3:22 p.m.21 views

CVE-2024-33849

ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key...

6.6AI score0.0037EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/28 12:0 a.m.3 views

CI solution CI-Out-of-Office Manager 安全漏洞

CI solution CI-Out-of-Office Manager is a tool from CI solution for managing employee leave and out-of-office status. The solution is designed to streamline and automate the leave request, approval, and recording process to improve management efficiency in your organization. A security...

6.5CVSS6.7AI score0.0037EPSS
Exploits0References3
Hacker One
Hacker One
added 2022/08/25 2:48 p.m.30 views

Mattermost: DoS via Automatic Response Message

Summary: A user can enable and modify its automatic response message, that is automatically sent when the user has the "Out of Office" status. This response message doesn't have any size check or validation, which allows an attacker to set an almost unlimited number of characters as the response...

4CVSS0.5AI score0.01069EPSS
Exploits1
CNVD
CNVD
added 2022/03/18 12:0 a.m.21 views

Zammad has an unspecified vulnerability (CNVD-2022-22302)

Zammad is a suite of ticket management software from the German company Zammad. a security vulnerability exists in Zammad, which stems from the ability of agents to configure out of office periods and substitutes. If substitutes do not have the same privileges as the original agent, they may...

5.3CVSS3.7AI score0.00881EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/02/04 3:15 p.m.2 views

CVE-2021-44886

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...

5.3CVSS6.1AI score0.00881EPSS
Exploits0References2
OSV
OSV
added 2022/02/04 3:15 p.m.19 views

CVE-2021-44886

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...

5.3CVSS6.9AI score
Exploits0References1
NVD
NVD
added 2022/02/04 3:15 p.m.22 views

CVE-2021-44886

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...

5.3CVSS0.00881EPSS
Exploits0References1
Rows per page
Query Builder