5 matches found
PT-2026-24619
Summary: The /studiocms api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target...
CVE-2025-10869
Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
EUVD-2025-34610
Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
A vulnerability in the web service of the firmware for EDS-4000/G4000 series switches allows an attacker to send requests to a vulnerable device and act on its behalf toward other network devices.
The vulnerability in the web service of the firmware for EDS-4000/G4000 series switches lies in the ability to bypass access control mechanisms. Exploiting this vulnerability allows a malicious actor to send requests to the vulnerable device and act on its behalf...
CVE-2022-43760
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web...