PT-2023-20868 · Unknown · Onekeyadmin
Name of the Vulnerable Software and Affected Versions: onekeyadmin version 1.3.9 Description: The issue is related to a stored cross-site scripting XSS vulnerability. This vulnerability can be exploited via the Title parameter under the Adding Categories module. Recommendations: For onekeyadmin...
OneKeyAdmin Cross-Site Scripting Vulnerability
OneKeyAdmin is a plug-in management system based on Thinkphp6+Element that covers websites, applets, malls, CMS, APP, ERP and API interfaces in one system, usable out of the box without scaffolding. A security vulnerability exists in OneKeyAdmin v1.3.9, which stems from a stored cross-site scripting XSS...
CVE-2023-26950
CVE-2023-26950 affects onekeyadmin v1.3.9 with a stored XSS in the Title parameter of the Adding Categories module. The issue is documented with CVSSv3.1: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (base score 5.4; MEDIUM). Root cause details are not expanded beyond the stored XSS description in the sou...
CVE-2023-26950
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Title parameter under the Adding Categories module...
CVE-2023-23007
An issue was discovered in ESPCMS P8.21120101: after logging in to the backend, there is a SQL injection vulnerability in the function node where members are added...
IDOR Vulnerability Allows Adding Tags to Other Users' Entries
Description: An IDOR vulnerability allows adding tags to any user's entry, since there is no user authorization check on the entry. Because the input is also not limited, the entry interface can be broken. Proof of Concept: Step 1. User A manages entry id 6. Step 2. User B manages entry id 7. Step 3. Login...
Managing Security Configuration Risk with the Most Comprehensive Configuration Compliance Solution!
Qualys leads the industry with 850 policies, 19000 controls, 350 technologies, and 100 frameworks Remote and hybrid work, digital transformation, and customer experience initiatives require rapid and continuous technology additions and changes. This requires continual additions of and deployments...
Real Furnace and StRSR addresses can be added to the Distributor
Lines of code. Vulnerability details. Impact: RToken may be distributed to StRSR and frozen. RSR may be distributed to Furnace and frozen. Proof of Concept: Both Furnace and StRSR are added to the destinations of Distributor in DistributorP1.init: function init(IMain main, RevenueShare calldata dist...
Business Logic Errors
rdiffweb is vulnerable to business logic errors. The vulnerability exists because the library does not properly trigger notifications when adding an SSH key, which allows an attacker to add any SSH key without the user being aware of it...
Cross-Site Request Forgery (CSRF)
github.com/usememos/memos is vulnerable to cross-site request forgery. An attacker is able to add new members, via user API by exploiting the CSRF issue...
Rdiffweb Security Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.5, which stems from a failure to trigger a notification for sensiti...
CVE-2018-14520
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages...
Kirby Cross-Site Scripting Vulnerability
Kirby is a file-based content management system CMS. A security vulnerability exists in Kirby 2.5.12 that stems from it allowing malicious HTTP requests to be sent to trick users into adding web pages...
PT-2022-18603 · Cybozu · Cybozu Garoon
Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 4.0.0 through 5.5.1 Description: The issue is related to improper input validation, allowing a remote authenticated attacker to disable the ability to add categories. Recommendations: For versions 4.0.0 through 5.5.1,...
CVE-2022-29159 Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions...
Simple Client Management System Cross-Site Scripting Vulnerability
Simple Client Management System is a client management system by Carlo Montero, an individual developer. A security vulnerability exists in Simple Client Management System v1, which stems from cross-site scripting that may result from (1) adding a new client and (2) adding a new invoice...
CVE-2021-45787
There is a stored cross-site scripting XSS vulnerability in maccms v10 via adding videos. XSS code can be inserted at parameter positions including name and remarks...
Update of ca-certificates
Remove old certificate. Removing: Certificate "DST Root CA X3". Update to CKBI 2.50 from NSS 3.67. Update to CKBI 2.48 from NSS 3.66. Removing: Certificate "Verisign Class 3 Public Primary Certification Authority - G3", Certificate "GeoTrust Global CA", Certificate "GeoTrust Universal...
CVE-2022-23227
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...