14 matches found
CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...
VulnCheck KEV: CVE-2023-5285
A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...
PT-2024-16436 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical vulnerability was found in Tongda OA, affecting an unknown functionality of the file /pda/approve center/check seal.php. The manipulation of the ID argument leads to SQL injection. The...
CVE-2023-6611
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAILID leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2023-39337
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. A security vulnerability exists in TONGDA Office Anywhere version 11.10, which originates from a SQL injection vulnerability in the parameter deleteSTR in the file setprint/delete.php...
CVE-2023-5682
A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORDID leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2023-5298
A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTSID leads to sql injection. The exploit has been disclosed to the...
CVE-2023-5285
A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...
CVE-2023-5267
A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hrpool/delete.php. The manipulation of the argument EXPERTID leads to sql injection. The exploit has been disclosed to the public and may be used...
PT-2023-32006 · Tongda · Tongda Oa 2017
Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions prior to 11.10 Description: A critical vulnerability was found in Tongda OA 2017, affecting an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the RECRUITMENT ID argumen...
Ivanti EPMM Authorization Issues Vulnerability
Ivanti EPMM is a mobile management software engine from Ivanti Corporation, USA. A security vulnerability exists in Ivanti EPMM version 11.10 and earlier, which stems from an authentication bypass vulnerability that allows unauthorized users to access restricted features or resources of the...
PT-2023-21085 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA version 11.10 Description: A critical vulnerability has been found in Tongda OA, affecting the actionGetdata function of the GatewayController.php file. This vulnerability leads to unrestricted upload and can be initiated remotely...
PT-2021-22748 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 and later Description: The issue allows an admin of a group to see the SCIM token of that group by visiting a specific endpoint. Recommendations: For GitLab CE/EE versions 11.10 and later, consider restricting acce...