299 matches found
CVE-2018-19367
Portainer
Portainer Cross-Site Scripting Vulnerability
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. A cross-site scripting vulnerability exists in Portainer 1.19.1 and earlier versions, which can be exploited by remote attackers to inject arbitrary JavaScript code and or HTML with the help of...
Cross-site Scripting (XSS)
github.com/portainer/portainer is vulnerable to cross-site scripting XSS attacks. The library does not use HTTP Secure Headers, allowing a malicious user to inject and execute arbitrary Javascript through the Team Name field...
Cross site scripting
A stored Cross-site scripting XSS vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field...
CVE-2018-16316
A stored Cross-site scripting XSS vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field...
CVE-2018-16316
A stored Cross-site scripting XSS vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field...
CVE-2018-16316
CVE-2018-16316 describes a stored XSS in Portainer up to version 1.19.1, exploitable by remote authenticated users via the Team Name field. The issue stems from unvalidated input stored and rendered in teams management; real-world impact is arbitrary JavaScript/HTML execution for affected users. ...
CVE-2018-16316
A stored Cross-site scripting XSS vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field...
Portainer UI No Authentication Vulnerability (HTTP)
The script checks if the Portainer Dashboard UI has no authentication enabled at the remote web server. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Portainer UI No Administrator Vulnerability
Portainer is prone to an information disclosure and authentication bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Portainer UI Detection (HTTP)
HTTP based detection of Portainer Dashboard/Web UI. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sever Side Request Forgery (SSRF) Via Unauthorised Access To Docker API
github.com/portainer/portainer is vulnerable to unauthorized access to docker API. The access is granted as the application does not validate the endpoint access requests, allowing unauthorized users to access internal Docker API, consequently allowing an attacker to leverage sever side request...
Portainer Access Restriction Bypass and Server-Side Request Forgery Vulnerabilities
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. A security vulnerability exists in Portainer versions prior to 1.18.0 that stems from the program's support for requests with unvalidated id query parameters. A remote attacker could use this...
Server side request forgery (ssrf)
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...
CVE-2018-12678
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...
CVE-2018-12678
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...
CVE-2018-12678
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...
CVE-2018-12678
Portainer prior to 1.18.0 is vulnerable: an unauthenticated request to the websocket /websocket/exec endpoint with an unvalidated id parameter can bypass access restrictions and enable server-side request forgery (SSRF). Public Red Hat/CNVD/OSV/etc. entries corroborate the vulnerability; remediat...
Uber: [data-07.uberinternal.com] SSRF in Portainer app lead to access to Internal Docker API without Auth
Vulnerability description not provided...