The vulnerability in the `index.php?c=api` script of the OneNav bookmark management interface, which allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the /index.php?c=api interface of the OneNav bookmark management program is related to deficiencies in the authentication process due to incorrect generation of tokens with the X-Token parameter. Exploiting this vulnerability allows a malicious actor to compromise the...

CVE-2023-7210

CVE-2023-7210 affects OneNav up to 0.9.33. The vulnerability is an authentication flaw: manipulation of the X-Token parameter in the API endpoint /index.php?c=api leads to improper authentication. It is exploitable remotely and the exploit has been disclosed publicly (VDB-249765). Several connect...

OneNav License Issues Vulnerabilities

OneNav is a minimalist navigation/bookmark management system developed using PHP. An authorization issue vulnerability exists in OneNav version 0.9.33 and earlier versions, which stems from the incorrect operation of the parameter X-Token that can lead to incorrect authentication...

CVE-2020-8267

A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect...