Lucene search
K

9 matches found

Cvelist
Cvelist
added 2026/06/10 2:3 p.m.37 views

CVE-2026-45563 Roxy-WI: IDOR — any authenticated user can read another user's full action history

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3CVSS0.00176EPSS
Exploits0References1
OSV
OSV
added 2026/01/08 6:15 p.m.3 views

CVE-2026-22231

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...

5.4CVSS5.8AI score0.00207EPSS
Exploits0References3
NVD
NVD
added 2026/01/08 6:15 p.m.6 views

CVE-2026-22231

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...

5.5CVSS0.00207EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/08 5:10 p.m.22 views

CVE-2026-22231 OPEXUS eCASE Audit Document Check Out stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...

5.5CVSS0.00207EPSS
Exploits0References3
CVE
CVE
added 2026/01/08 5:10 p.m.11 views

CVE-2026-22231

OPEXUS eCASE Audit is affected by a stored XSS in the Document Check Out comments. An authenticated attacker can save JavaScript as a comment, which is executed when another user views the Action History Log. Affected product: OPEXUS eCASE Audit (server-side application). Root cause: stored JavaS...

5.5CVSS6.3AI score0.00207EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/08 5:10 p.m.5 views

CVE-2026-22231 OPEXUS eCASE Audit Document Check Out stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...

5.5CVSS6.3AI score0.00207EPSS
Exploits0References3
CNVD
CNVD
added 2020/12/07 12:0 a.m.3 views

Cloudbees Jenkins Chaos Monkey Plugin Authorization Issue Vulnerability (CNVD-2020-70261)

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . A security vulnerability exists in...

5.3CVSS7AI score0.00824EPSS
Exploits0References1
Prion
Prion
added 2020/12/03 4:15 p.m.20 views

Design/Logic Flaw

Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions...

5CVSS5.1AI score0.00824EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2020/12/03 12:0 a.m.7 views

Cloudbees Jenkins 授权问题漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . A security vulnerability exists in...

5.3CVSS6.1AI score0.00824EPSS
Exploits0References5
Rows per page
Query Builder