434 matches found
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description A malicious actor is able to add "new Retrospective" with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️♂️ Proof of Concept - 1; Log in with a proper roled user - 2; Add a new board to the system at Retrospective menu on the left - 3;...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description A malicious actor is able to add "new board" with a malicious payload to any target, and upon opening the research menu, the XSS payload is being executed. 🕵️♂️ Proof of Concept 1; Log in with a proper roled user 2; Add a new board to the system at research menu on the left 3;...
TYPO3 Information Disclosure Vulnerability (CNVD-2022-17972)
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association.TYPO3 suffers from an information disclosure vulnerability that stems from session identifiers not being properly present in the HTML output, which can be exploited by an attacker to cause...
TYPO3 信息泄露漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association.TYPO3 suffers from an information disclosure vulnerability that stems from session identifiers not being properly present in the HTML output, which can be exploited by an attacker to cause...
UBUNTU-CVE-2021-34428
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being...
Information Disclosure
typo3/cms-core is vulnerable to information disclosure. User session identifiers were stored in cleartext and allows any user to retrieve the session identifiers...
CVE-2021-21339
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited...
Sql injection
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited...
CVE-2021-21339
CVE-2021-21339 affects TYPO3, a PHP-based CMS. The issue is that user session identifiers were stored in cleartext in versions prior to 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, and 11.1.1. The root cause is storage of session identifiers without additional cryptographic hashing, and exploitation ...
PT-2021-14433 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 6.2.57 TYPO3 versions prior to 7.6.51 TYPO3 versions prior to 8.7.40 TYPO3 versions prior to 9.5.25 TYPO3 versions prior to 10.4.14 TYPO3 versions prior to 11.1.1 Description: The issue concerns user session identifier...
Django Channels leakage of session identifiers using legacy AsgiHandler
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
TYPO3 Information Disclosure Vulnerability (CNVD-2021-26146)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. TYPO3 suffers from an information disclosure vulnerability that stems from user session identifiers being stored in plaintext. No details of the vulnerability are currently available...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. TYPO3 suffers from an information disclosure vulnerability that stems from user session identifiers being stored in plaintext. No details of the vulnerability are currently available...
Vulnerabilities fixed in TYPO3
The TYPO3 Association has fixed several vulnerabilities in TYPO3. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Spoofing Accessing sensitive data T...
CVE-2020-35681
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
DEBIAN-CVE-2020-35681
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
PYSEC-2021-113
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
CVE-2020-35681
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
CVE-2020-35681
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
CVE-2020-35681
Technical details about CVE-2020-35681 are not publicly available in the provided connected documents. The sources repeat the vulnerability description but do not expose affected versions, exploitation specifics, mitigations, or patch availability. Monitor for updates.