
49 matches found

Positive Technologies
added 2022/09/20 12:0 a.m. · 1 views

PT-2022-19981 · Unknown · Yetiforcecrm

Name of the Vulnerable Software and Affected Versions: YetiForce CRM versions prior to 6.4.0 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which affects the WorkFlow module. This allows for potential exploitation via cross-site scripting. Recommendations: For versions...

6.3 CVSS · 5.3 AI score · 0.00323 EPSS
Exploits 1 · References 8
CNNVD
added 2022/09/20 12:0 a.m. · 1 views

YetiForceCrm Cross-Site Scripting Vulnerability

YetiForceCrm is an open source CRM system from the Polish company YetiForce. A cross-site scripting vulnerability exists in versions of YetiForceCrm prior to 6.4.0, which stems from the undefined and unvalidated workflowModel-summary parameter on the Workflow module in Settings and is used direct...

6.3 CVSS · 6.2 AI score · 0.00323 EPSS
Exploits 1 · References 3
Huntr
added 2022/08/19 5:45 p.m. · 22 views

Persistent Cross Site Scripting - Workflow Module - Settings

Description: The application uses Purifier to avoid the Cross Site Scripting attack. However, on Workflow module from Settings, the type of workflowModel-summary parameter is not defined and validated, it's used directly without any encoding or validation on Workflows/Step1.tpl and...

4.9 CVSS · 0.1 AI score · 0.00323 EPSS
Exploits 1
OSV
added 2022/05/24 10:1 p.m. · 3 views

GHSA-W28V-87G6-CJR6 Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter...

6.1 CVSS · 5.9 AI score · 0.00278 EPSS
Exploits 0 · References 4
vulnersOsv
added 2022/05/13 1:15 a.m. · 1 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +93 more potentially affected by CVE-2019-1003041 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.6)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2019-1003041 Source advisory: OSV:GHSA-X74X-QF5J-3...

9.8 CVSS · 6.8 AI score · 0.01799 EPSS
Exploits 0
Prion
added 2021/08/03 9:15 p.m. · 16 views

Code injection

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs...

6.5 CVSS · 6 AI score · 0.00285 EPSS
Exploits 0 · References 2 · Affected Software 2
CVE
added 2021/08/03 8:47 p.m. · 91 views

CVE-2021-33333

The CVE-2021-33333 entry describes a vulnerability in the Portal Workflow module of Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 6, where improper permission checks allow remote authenticated users to view and delete wor...

6.5 CVSS · 6 AI score · 0.00285 EPSS
Exploits 0 · References 2 · Affected Software 2
Japan Vulnerability Notes
added 2021/08/02 7:42 a.m. · 4 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782 Cross-site scripting vulnerability in Scheduler CWE-79 - CVE-2021-20753 CyVDB-2029 Improper input validation vulnerability in Workflow CWE-20 - CVE-2021-20754 CyVDB-2071 Viewing restrictions...

8 CVSS · 6.5 AI score · 0.00347 EPSS
Exploits 0 · References 52
Prion
added 2021/06/09 7:15 p.m. · 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter...

4.3 CVSS · 6 AI score · 0.00278 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2021/06/09 12:0 a.m. · 2 views

PT-2021-18047 · Liferay · Liferay Dxp

Name of the Vulnerable Software and Affected Versions: Liferay DXP versions 7.0 through 7.0 before fix pack 99 Liferay DXP versions 7.1 through 7.1 before fix pack 23 Liferay DXP versions 7.2 through 7.2 before fix pack 12 Liferay DXP versions 7.3 through 7.3 before fix pack 1 Description: A...

6.1 CVSS · 6 AI score · 0.00278 EPSS
Exploits 0 · References 7
Packet Storm
added 2019/01/29 12:0 a.m. · 68 views

Rundeck Community Edition Cross Site Scripting

Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prin...

4.3 CVSS · 6.3 AI score · 0.08615 EPSS
Exploits 5
Exploit DB
added 2019/01/28 12:0 a.m. · 54 views

Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting

Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prin...

6.1 CVSS · 6.3 AI score · 0.08615 EPSS
Exploits 5
0day.today
added 2019/01/28 12:0 a.m. · 46 views

Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact:...

4.3 CVSS · 6.3 AI score · 0.08615 EPSS
Exploits 5
exploitpack
added 2019/01/28 12:0 a.m. · 32 views

Rundeck Community Edition 3.0.13 - Persistent Cross-Site Scripting

Rundeck Community Edition 3.0.13 - Persistent Cross-Site Scripting Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact:...

4.3 CVSS · 6.1 AI score · 0.08615 EPSS
Exploits 5
CNVD
added 2019/01/03 12:0 a.m. · 0 views

SugarCRM (WorkFlow module) PHP Code Injection Vulnerability

SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A PHP code...

7.8 AI score
Exploits 0 · References 1
0day.today
added 2019/01/03 12:0 a.m. · 19 views

SugarCRM WorkFlow PHP Code Injection Vulnerability

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $POST'basemodule' parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the...

8 AI score
Exploits 0
Packet Storm
added 2019/01/01 12:0 a.m. · 32 views

SugarCRM WorkFlow PHP Code Injection

SugarCRM WorkFlow module PHP Code Injection Vulnerability - Software Link: http://www.sugarcrm.com - Affected Versions: All versions prior to 7.9.4.0 and 7.11.0.0. - Vulnerabili...

0.1 AI score
Exploits 0
0day.today
added 2013/12/12 12:0 a.m. · 16 views

Vtiger 5.4.0 Cross Site Scripting Vulnerability

Vtiger version 5.4.0 suffers from multiple reflective cross site scripting vulnerabilities. Vtiger 5.4.0 Reflected Cross Site Scripting I. Information Name : Vtiger 5.4.0 Reflected Cross Site Scripting Software : Vtiger 5.4.0 and possibly below. Vendor Homepage :...

6.8 AI score
Exploits 0
Prion
added 2010/04/26 7:30 p.m. · 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field...

2.1 CVSS · 5.7 AI score · 0.00356 EPSS
Exploits 0 · References 6 · Affected Software 1
NVD
added 2010/04/26 7:30 p.m. · 7 views

CVE-2010-1539

Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field...

2.1 CVSS · 5.3 AI score · 0.00356 EPSS
Exploits 0 · References 6