207 matches found
CVE-2026-63081 Perfect Support Ticketing System 1.7 Stored XSS via Ticket Notes Field
Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious...
CVE-2026-63081
The CVE-2026-63081 entry describes a stored XSS in the Perfect Support Ticketing & Document Management System (v1.7). Authenticated attackers with Agent-level privileges can inject scripts into the Notes field of assigned tickets, causing the script to run in the browser context of any viewer (in...
CVE-2026-57996
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...
EUVD-2026-44632
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...
CVE-2026-57996
phpMyFAQ prior to 4.1.5 contains a privilege-escalation flaw in the admin/user-add endpoint. A delegated administrator with USER_ADD/EDIT/DELETE can call POST /admin/api/user/add using isSuperAdmin: true and attacker-chosen credentials to create a SuperAdmin account, enabling full instance takeov...
CVE-2026-57996 phpMyFAQ - Privilege Escalation via Missing SuperAdmin Guard in user/add Endpoint
phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...
Cross-site Scripting (XSS)
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the headercolor setting in the branding configuration. An attacker with superadmin privileges can inject arbitrary CSS that impacts authenticate...
CVE-2026-55481
Snipe-IT (IT asset/license management) prior to 8.6.2 is affected by a CSS injection vulnerability in default.blade.php: header_color and related branding color settings are rendered inside a CSS style block with insufficient HTML escaping for the CSS context. This allows a superadmin to inject a...
CVE-2026-55481 Snipe-IT: CSS Injection via `header_color` Setting
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders headercolor and related branding color settings inside a CSS style block with HTML escaping that is insufficient for the CSS context, allowing a superadmin to inject arbitrary CSS that affects authenticat...
CVE-2026-41879
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...
CVE-2026-41879
R-SOFT DMS is affected. The vulnerability arises from storing superadmin credentials with a non-salted nested MD5 hash, enabling an attacker who obtains the password hash to decode the credentials. The password cannot be changed except by modifying the configuration file, indicating a configurati...
CVE-2026-41879
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...
EUVD-2026-42857
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...
CVE-2026-56780
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...
EUVD-2026-40155
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...
CVE-2026-56780 Modoboa < 2.9.0 - Insecure Direct Object Reference in Account Password Change API
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...
PT-2026-51620
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.5.0 Description A missing authorization issue allows a user with permissions to edit other users to reset the two-factor authentication 2FA of a superadmin. Recommendations Update to version 8.5.0...
CVE-2026-56396
CVE-2026-56396 (phpMyFAQ) affects phpMyFAQ versions before 4.1.4. The issue is missing authorization in editUser() and updateUserRights(), allowing authenticated administrators with edit_user to set the is_superadmin flag or grant arbitrary rights, escalating to SuperAdmin. This leads to high-imp...
CVE-2026-56396
phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edituser permission can set issuperadmin flag or grant arbitrary rights to escalate to SuperAdm...
CVE-2026-56396 phpMyFAQ - Privilege Escalation via Missing Authorization in editUser() and updateUserRights()
phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edituser permission can set issuperadmin flag or grant arbitrary rights to escalate to SuperAdm...