EUVD-2021-25561
Malware in sbrugna...
EUVD-2017-5646
Malware in sbrugna...
CVE-2025-59747 Multiple vulnerabilities in AndSoft's e-TMS
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in...
Movable Type Input Validation Error Vulnerability
Movable Type is a content management system from Movable Type, Inc. A security vulnerability exists in Movable Type that stems from the possibility that invalid parameters may be inserted into the password reset page, resulting in a redirection to an arbitrary URL...
DotCMS Security Vulnerability
DotCMS is an open source content management system written in Java by DotCMS, Inc. for managing content and content-driven sites and applications. A security vulnerability exists in DotCMS that originates from a URL parameter in the login page for resetting a password that can inject HTML code...
CVE-2023-51741
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim's network traffic to extract the username and password from the web...
Authentication flaw
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim's network traffic to extract the username and password from the web...
CVE-2023-51741 Cleartext Submission of Password vulnerability in Skyworth Router
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim's network traffic to extract the username and password from the web...
The vulnerability in the centralized identification and access control solution FortiAuthenticator lies in its failure to neutralize HTML tags, allowing attackers to carry out cross-site scripting attacks.
The vulnerability in the centralized authentication and access management solution FortiAuthenticator stems from the failure to implement measures that neutralize HTML tags. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks using a password reset...
GHSA-7J9H-3JXF-3VRF Denial of service vulnerability on Password reset page
Impact Previous versions of Kiwi TCMS do not impose rate limits which makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may...
CVE-2023-25171 Kiwi TCMS has denial of service vulnerability on Password reset page
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...
CVE-2022-43364
CVE-2022-43364 affects IP-COM EW9 (firmware V15.11.0.14(9732)). An access-control flaw on the password-reset page allows unauthenticated attackers to arbitrarily change the admin password. CVSSv3.1 metrics in NVD/CVE entries: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (base score 7.5, HIGH). Attack vect...
CVE-2021-39125
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1...
PT-2021-22389 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.5.10 Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.1 Description: The issue allows anonymous remote attackers to discover usernames of users via an enumeration...
XSS vulnerability on password reset page
Impact For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password...
PT-2021-11567 · Epignosis · Epignosis Efrontpro
Name of the Vulnerable Software and Affected Versions: Epignosis EfrontPro version 5.2.21 Description: A predictable seed vulnerability exists in the password reset functionality. By predicting the seed, it is possible to generate the correct password reset 1-time token. An attacker can visit the...
CVE-2020-6140
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The passwordstfemail parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2020-6138
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...
Cross site scripting
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter...