5 matches found

Positive Technologies
added 2026/03/10 12:0 a.m., 3 views

PT-2026-24619

Summary: The /studiocms api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target...

CVSS 8.8, AI score 5.9, EPSS 0.00564
Exploits: 3, References: 8
NVD
added 2025/10/15 1:16 p.m., 4 views

CVE-2025-10869

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVSS 6.1, EPSS 0.00216
Exploits: 0, References: 1
EUVD
added 2025/10/15 12:37 p.m., 6 views

EUVD-2025-34610

Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVSS 5.3, AI score 5.8, EPSS 0.00216
Exploits: 0, References: 2
BDU FSTEC
added 2024/02/27 12:0 a.m., 3 views

The vulnerability of the web-based service for microprogramming software controlling switches of the EDS-4000/G4000 series allows a hacker to send requests to a vulnerable device and act on its behalf for other network devices.

The vulnerability of the web-based service for microprogrammed software-controlled switches of the EDS-4000/G4000 series lies in the ability to bypass access control mechanisms. Exploiting this vulnerability allows a malicious actor to send requests to the vulnerable device and act on its behalf...

CVSS 9, AI score 6.6, EPSS 0.00538
Exploits: 0, References: 2, Affected Software: 7
OSV
added 2023/06/01 1:15 p.m., 38 views

CVE-2022-43760

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web...

CVSS 8.4, AI score 7.1, EPSS 0.00714
Exploits: 0, References: 2