28 matches found
EUVD-2012-5017
Malware in sbrugna...
EUVD-2018-14989
Malware in sbrugna...
EUVD-2018-1462
Malware in sbrugna...
EUVD-2022-7557
Malicious code in bioql PyPI...
CVE-2025-4433
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges...
CVE-2025-4433
CVE-2025-4433 affects Devolutions Server (versions 2025.1.7.0 and earlier). The vulnerability arises from improper access control in User Group Management, enabling a non-administrative user who has both User Management and User Group Management permissions to escalate privileges by adding users ...
CVE-2024-40036
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroupdeal.php?mudi=add=close...
Improper Preservation Of Permissions
github.com/authelia/authelia/ is vulnerable to Improper Preservation Of Permissions. The vulnerability is due to a flaw in the implementation of user group management. This can lead to unexpected outcomes, such as changes to a user group not being taken into account by access control for longer tha...
SUSE CVE-2012-5094
Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors related to User Group Management...
baserCMS vulnerable to stored Cross-site Scripting
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...
CVE-2022-42486
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...
Cross site scripting
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...
PT-2022-26454 · Basercms · Basercms
Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 4.7.2 Description: The issue allows a remote authenticated attacker with administrative privileges to inject an arbitrary script in the User group management of baserCMS. This is a stored cross-site scripting issue...
CVE-2022-42486
CVE-2022-42486 is a stored XSS vulnerability in baserCMS, affecting versions prior to 4.7.2. An authenticated administrator can inject arbitrary script via the User group management feature. Impact described in connected sources includes client-side script execution risk; no remote code execution...
Cross-site Scripting (XSS)
baserproject/basercms is vulnerable to cross-site scripting. The vulnerability exists due to insufficient sanitization of user-supplied data in the user group management feature, which allows an attacker to inject and execute malicious JavaScript in the victim's browser...
baserCMS cross-site scripting vulnerability
baserCMS is an enterprise-level content management system (CMS) from the baserCMS team. A security vulnerability exists in baserCMS versions prior to 4.7.2, which stems from stored cross-site scripting in the user group management...
CVE-2018-3134
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite subcomponent: User Group Management. The supported version that is affected is 6.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the...