5 matches found
CVE-2025-63520
Cross Site Scripting XSS vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function ?r=user%2Fupdate...
PT-2025-48452
Cross Site Scripting XSS vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function ?r=user%2Fupdate...
CVE-2024-41140
CVE-2024-41140 affects Zohocorp ManageEngine Applications Manager versions 174000 and prior, with an incorrect authorization in the update user function. Public documentation from NVD and Red Hat confirms impact to confidentiality and integrity (high), with network attack vector, low attack compl...
GHSA-256M-J5QW-38F4 Netmaker IDOR Allows User to Update Other User's Password
Impact An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...
Netmaker IDOR Allows User to Update Other User's Password
Impact An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...