87 matches found
Apache StreamPark Input Validation Error Vulnerability
Apache StreamPark is a streaming media application development framework from the Apache Foundation in the United States. Apache StreamPark suffers from an input validation error vulnerability that stems from the fact that when a user modifies his or her profile, the username is passed as a paramet...
CVE-2022-46365
Apache StreamPark 1.0.0 before 2.0.0: when a user who has successfully logged in modifies their profile, the username is passed to the server layer as a parameter, but it is not verified whether the username belongs to the currently logged-in user and whether the user is legal. This will allow malicious attackers to...
CVE-2022-46365
CVE-2022-46365 affects Apache StreamPark 1.0.0 before 2.0.0. The issue is an improper username verification when a user modifies their profile: the username is passed to the server without confirming the user is the currently logged-in one. This can allow an attacker to supply any username to mod...
PT-2023-14915 · Apache · Apache Streampark
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 1.0.0 through 1.0.0. Description: The issue arises when a user successfully logs in and attempts to modify their profile. The username is passed to the server-layer as a parameter but is not verified to ensure it...
SUSE CVE-2008-3325
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page...
ChiKoi 1.0 Cross Site Scripting
Title: ChiKoi version 1.0 XSS Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla Firefox 65.0 (32-bit) | Vendor :...
CVE-2022-36453
A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number...
CVE-2022-36454
The CVE-2022-36454 issue affects Mitel MiCollab, specifically the MiCollab Client API, up to version 9.5.0.101. The root cause is improper authorization controls in the client API, enabling an authenticated attacker to modify their own profile parameters and impersonate another user’s name. Docum...
MTN Group: IDOR Leads To User Profile Modification https://mtnmobad.mtnbusiness.com.ng/app/updateUser
A vulnerability in the web application allowed authenticated users to modify the profile information of any other user without proper authorization checks. The issue was caused by the lack of sufficient authorization controls when updating user profiles through the /app/updateUser endpoint...
CVE-2022-1251
The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request...
Employee Leaves Management System Cross-Site Request Forgery Vulnerability
Employee Leaves Management System (ELMS) is an internal employee management system. A cross-site request forgery vulnerability exists in Employee Leaves Management System (ELMS) v2.1, which can be exploited by an attacker to change the details of any user profile, such as username, phone number, etc...
Tourism Management System Cross-Site Request Forgery Vulnerability
Tourism Management System is a website builder for tourism management. A cross-site request forgery vulnerability exists in Tourism Management System v3.2, which can be exploited by an attacker to change the details of any user profile, such as username, phone number, etc. The vulnerability is...
Improper Access Control in salesagility/suitecrm
Description: In SuiteCRM v7.12.4, affecting the Users Module, any user with the User Type Regular User could modify other users' profiles via the update profile section. The prerequisite of this attack is knowing the user record ID and username (User Name) respectively. The user records ID can be...
CVE-2020-26679
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made to update their profil...
CVE-2020-26680
In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other user's profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to...
Cross site scripting
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made to update their profil...
CVE-2020-26679
CVE-2020-26679 affects vFairs 3.3 and is due to insecure permissions. Any logged-in user can modify other users’ profile information or profile pictures by sending an HTTP POST with another user’s ID, potentially enabling cross-site scripting or uploading PHP webshells as profile images. User IDs...
vFairs Security Vulnerability
vFairs is a virtual event platform by vFairs Singapore. It can host exciting online conferences, trade shows, job fairs and more. A security vulnerability exists in vFairs version 3.3 that allows any user logged in to vFairs Virtual Meetings to modify other users' profile information or avatars,...