226 matches found

Tenable Nessus
added 2025/07/11 12:0 a.m., 3 views

CBL Mariner 2.0 Security Update: ansible (CVE-2024-9902)

The version of ansible installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9902 advisory. - A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create ...

CVSS 6.3, AI score 6.8, EPSS 0.00222
Exploits 0, References 2
AstraLinux
added 2025/06/16 11:28 a.m., 3 views

Astra Linux – Vulnerability in ansible-core

A flaw was discovered in Ansible. The ansible-core user module allows an unprivileged user to silently create or replace the contents of any file on any system path, and to take ownership of that file when a privileged user executes the user module against the unprivileged user’s home directory. ...

CVSS 6.3, AI score 6.8, EPSS 0.00222
Exploits 0, References 3
RedhatCVE
added 2025/05/23 8:33 a.m., 3 views

CVE-2024-50808

SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in adminnotify.php...

CVSS 8.8, AI score 7.3, EPSS 0.00611
Exploits 1, References 1
RedhatCVE
added 2025/05/23 3:31 a.m., 4 views

CVE-2023-27245

A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module...

CVSS 6.1, AI score 5.8, EPSS 0.00429
Exploits 1, References 1
RedhatCVE
added 2025/05/23 12:16 a.m., 4 views

CVE-2022-45215

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module...

CVSS 5.4, AI score 5.8, EPSS 0.00377
Exploits 0, References 1
RedhatCVE
added 2025/05/22 11:18 p.m., 4 views

CVE-2022-38267

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit=...

CVSS 7.2, AI score 8.3, EPSS 0.00726
Exploits 1, References 1
RedhatCVE
added 2025/05/22 10:10 p.m., 5 views

CVE-2022-39977

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point...

CVSS 7.2, AI score 8.3, EPSS 0.01056
Exploits 1, References 1
RedhatCVE
added 2025/05/22 6:56 p.m., 9 views

CVE-2021-46558

Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields...

CVSS 5.4, AI score 6.3, EPSS 0.00553
Exploits 1
OSV
added 2025/05/22 8:32 a.m., 3 views

CLSA-2025-1747902752 Fix CVE(s): CVE-2018-16837

SECURITY UPDATE: sensitive data leakage through User module - debian/patches/CVE-2018-16837.patch: do not pass sshkeypassphrase on cmdline, fix passphrase being passed on command line - CVE-2018-16837...

CVSS 7.8, AI score 7.2, EPSS 0.00354
Exploits 0, References 1
RedhatCVE
added 2025/05/22 7:25 a.m., 5 views

CVE-2019-11819

Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...

CVSS 7.8, AI score 7.3, EPSS 0.01001
Exploits 1, References 1
RedhatCVE
added 2025/05/22 5:31 a.m., 5 views

CVE-2015-5520

Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account...

CVSS 4.3, AI score 5.9, EPSS 0.03641
Exploits 1, References 1
Veracode
added 2025/01/21 4:13 a.m., 9 views

Cross-Site Request Forgery (CSRF)

typo3/cms-beuser is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of state-changing actions in downstream components, where HTTP GET submissions are incorrectly accepted instead of enforcing the appropriate HTTP method. Misconfigurations, such as...

CVSS 5.4, AI score 7, EPSS 0.00235
Exploits 0, References 7, Affected Software 1
CVE
added 2025/01/14 7:57 p.m., 64 views

CVE-2024-55894

TYPO3 BEUSER CSRF issue (CVE-2024-55894) affects the Backend User Module. The root cause is CSRF combined with improper handling of state-changing actions via HTTP GET, exposed when security.backend.enforceReferrer is disabled and BE/cookieSameSite is lax/none. Exploitation requires an active bac...

CVSS 5.4, AI score 4.8, EPSS 0.00235
Exploits 0, References 5, Affected Software 1
Vulnrichment
added 2025/01/14 7:57 p.m., 10 views

CVE-2024-55894 TYPO3 Cross-Site Request Forgery in Backend User Module

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3, AI score 4.7, EPSS 0.00235
Exploits 0, References 5
Cvelist
added 2025/01/14 7:57 p.m., 23 views

CVE-2024-55894 TYPO3 Cross-Site Request Forgery in Backend User Module

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3, EPSS 0.00235
Exploits 0, References 5
Snyk
added 2025/01/14 3:25 p.m., 2 views

Exposed Dangerous Method or Function

Overview: Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the Backend User Module. An attacker can manipulate user actions by tricking a victim into visiting a malicious URL while logged into the backend. Note: This is only exploitable if...

CVSS 5.4, AI score 6.9, EPSS 0.00235
Exploits 0, References 2
OSV
added 2025/01/14 3:25 p.m., 7 views

GHSA-6W4X-GCX3-8P7V TYPO3 Cross-Site Request Forgery in Backend User Module

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 4.3, AI score 4.7, EPSS 0.00235
Exploits 0, References 7
Github Security Blog
added 2025/01/14 3:25 p.m., 20 views

TYPO3 Cross-Site Request Forgery in Backend User Module

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 5.4, AI score 4.7, EPSS 0.00235
Exploits 0, References 7, Affected Software 1
RedHat Linux
added 2024/11/18 4:55 p.m., 12 views

ansible-core: Ansible-core user may read/write unauthorized content

A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...

CVSS 6.3, AI score 6.6, EPSS 0.00222
Exploits 0, References 4
OSV
added 2024/11/08 9:15 p.m., 1 views

CVE-2024-50808

SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in adminnotify.php...

CVSS 8.8, AI score 5.8, EPSS 0.00611
Exploits 1, References 2