5 matches found
VMware Spring Framework < 5.2.21, 5.3.x < 5.3.19 Data Binding Rules Vulnerability
The VMware Spring Framework is prone to a data binding rules vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
GHSA-G5MM-VMX4-3RG7 Improper handling of case sensitivity in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
PT-2021-11567 · Epignosis · Epignosis Efrontpro
Name of the Vulnerable Software and Affected Versions: Epignosis EfrontPro version 5.2.21 Description: A predictable seed vulnerability exists in the password reset functionality. By predicting the seed, it is possible to generate the correct password reset 1-time token. An attacker can visit the...
ILIAS < 5.2.21, 5.3.x < 5.3.12 XSS Vulnerability
ILIAS is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ilias:ilias"; if...
ILIAS Cross-Site Scripting Vulnerability (CNVD-2019-24000)
ILIAS is an open source learning management system. A cross-site scripting vulnerability exists in Assessment/TestQuestionPool in ILIAS version 5.3 before 5.3.12 and version 5.2 before 5.2.21. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...