86 matches found
CVE-2022-25267
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal to upload files...
CVE-2022-25268
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems...
CVE-2022-25269
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues...
CVE-2022-25266
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal to read files...
Directory traversal
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal to read files...
Directory traversal
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal to upload files...
Cross-site scripting (XSS)
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues...
Cross-site request forgery (CSRF)
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems...
CVE-2022-25266
CVE-2022-25266 affects Passwork On-Premise Edition prior to 4.6.13. The root cause is improper restriction of a pathname to a restricted directory in the migration/downloadExportFile endpoint, enabling directory traversal to read local files. Impact is reading files on the ...
CVE-2022-25269
The CVE-2022-25269 entry concerns Passwork On-Premise Edition prior to 4.6.13 with multiple cross-site scripting (XSS) issues. Root cause: inadequate input handling/web-page structure protections leading to XSS in the affected web interface. Affected software: Passwork On-Premise Edition (version...
CVE-2022-25268
Passwork On-Premise Edition is affected by a CSRF vulnerability in versions prior to 4.6.13. The issue enables cross-site request forgery via the groups, password, and history subsystems. Root cause, as described across sources, is a CSRF flaw in the application’s handling of t...
CVE-2022-25267
Passwork On-Premise Edition before 4.6.13 is affected by a Directory Traversal in the migration/uploadExportFile functionality. The root cause is an inadequate restriction of the destination path, enabling an attacker to upload arbitrary files to the system. Impact is onboarding of arbitrary file...
PT-2022-4187 · Unknown +1 · Passwork On-Premise Edition +1
Name of the Vulnerable Software and Affected Versions: Passwork On-Premise Edition versions prior to 4.6.13
Description: The issue is related to multiple XSS problems in the Passwork On-Premise Edition. This is due to the lack of protection measures for the web page structure, allowing a remote...
PT-2022-4186 · Passwork · Passwork On-Premise Edition +1
Name of the Vulnerable Software and Affected Versions: Passwork On-Premise Edition versions prior to 4.6.13
Description: The issue is related to a CSRF vulnerability in the password manager Passwork. This vulnerability can be exploited by a remote attacker to perform a CSRF attack via the groups,...