14 matches found
CVE-2026-9449
Technical details about CVE-2026-9449 are not publicly available in the provided documents. Monitor for updates; no vendor/product/version specifics or remediation are disclosed here.
Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2025-36239
Summary The Web UI page that prompts a user to change their expired password was vulnerable to cross-site scripting XSS, because a URL parameter was used directly in HTML output without sanitization. An authenticated user with access to this page could inject arbitrary JavaScript. The impact was...
PHPGurukul e-Diary Management System 安全漏洞
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /edms/change-password.php. No details of the vulnerability are available at this time...
CVE-2024-24818
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...
CVE-2018-13313
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript...
Online Blood Bank Management System SQL注入漏洞
Online Blood Bank Management System is an online blood bank management system. Itsourcecode Online Blood Bank Management System version 1.0 suffers from a SQL injection vulnerability that originates from changepwd.php containing an unknown function that causes SQL injection via the parameter...
BIT-ESPOCRM-2024-24818
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...
EspoCRM 安全漏洞
EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM 8.1.1 and prior versions, which originates from a vulnerability that allows an attacke...
PT-2024-20584 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 8.1.2 Description: The issue allows an attacker to inject arbitrary IP or domain in the "Password Change" page, potentially redirecting the victim to a malicious page. This could lead to credential stealing or other...
CVE-2022-48547
A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...
CVE-2018-13313
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript...
Cross site request forgery (csrf)
Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php...
The vulnerability of the password_change.cgi web interface of the system administration interface for UNIX-like operating systems, Webmin, allows a hacker to execute arbitrary code.
The vulnerability of the passwordchange.cgi web interface of the system administration interface for UNIX-like operating systems in Webmin is related to the improper elimination of special elements used in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code ...
Brainworks Software XpanceNET /index.php/request_passwordChange SQL Injection Vulnerability
Brainworks Software XpanceNET is a WEB-based application. Brainworks Software XpanceNET /index.php/requestpasswordChange handles a SQL injection vulnerability in the UserID parameter, which allows remote attackers to exploit the vulnerability by submitting a specially crafted SQL query to...