55 matches found
PYSEC-2023-296
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
PYSEC-2023-295
An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads...
PYSEC-2023-296
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
PYSEC-2023-297
A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...
PYSEC-2023-294
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...
CVE-2023-6723 Unrestricted Upload of File with Dangerous Type in Repox
An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise...
CVE-2023-6722 Relative Path Traversal in Repox
A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...
CVE-2023-6722
CVE-2023-6722 describes a path traversal in Repox that allows reading arbitrary files on the server, leading to sensitive data disclosure. Public details in the provided documents indicate this affects Repox, with CNNVD noting existence in Repox 2.3.7 and earlier; PT Security lists the vulnerabil...
CVE-2023-6721 Improper Restriction of XML External Entity Reference in Repox
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
CVE-2023-6721
CVE-2023-6721 is an XML External Entity (XXE) vulnerability in Repox that affects the XML data processing in the fileupload function, enabling a remote attacker to cause interaction with the server’s filesystem. Public sources consistently describe this as an XXE issue with high impact. CNNVD not...
CVE-2023-6720 Cross-site Scripting in Repox
An XSS vulnerability stored in Repox has been identified, which allows a local attacker to store a specially crafted JavaScript payload on the server, due to the lack of proper sanitisation of field elements, allowing the attacker to trigger the malicious payload when the application loads...
CVE-2023-6720
CVE-2023-6720 describes a stored XSS in Repox due to insufficient sanitisation of field elements, allowing an attacker to store a JavaScript payload on the server and trigger it when the application loads. The vulnerability affects Repox (version details not specified in the provided documents). ...
CVE-2023-6719 Cross-site Scripting in Repox
An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...
CVE-2023-6719
Repox has an XSS vulnerability tracked as CVE-2023-6719. Multiple connected sources describe an issue where a malicious actor can craft and deliver JavaScript payloads to a user, enabling an attacker to compromise interactions with the vulnerable application and potentially gain control of the us...
CVE-2023-6718
An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...
CVE-2023-6718
An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...
PYSEC-2023-293
An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...
Authentication flaw
An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...
PYSEC-2023-293
An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...
CVE-2023-6718 Authentication Bypass Using an Alternate Path or Channel in Repox
An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...