Lucene search
K

152 matches found

NVD
NVD
added 2024/06/06 4:15 p.m.42 views

CVE-2024-36399

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The users permission to add users to a project only get checked on the URL parameter projectid. If the user is authorized to add users to...

8.2CVSS0.00353EPSS
Exploits1References2
OSV
OSV
added 2024/06/06 3:15 p.m.21 views

CVE-2024-36399 Kanboard affected by Project Takeover via IDOR in ProjectPermissionController

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The users permission to add users to a project only get checked on the URL parameter projectid. If the user is authorized to add users to...

8.2CVSS6.5AI score0.00353EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.6 views

PT-2024-26969 · Kanboard +1 · Kanboard +1

Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.37 Description: The issue is related to the Kanban methodology-based project management software, Kanboard. It involves a vulnerability in the addUser function within the ProjectPermissionController.php file...

8.2CVSS6.6AI score0.00353EPSS
Exploits1References15
Vulnrichment
Vulnrichment
added 2024/05/24 7:0 a.m.13 views

CVE-2023-7259 zzdevelop lenosp Adduser Page cross site scripting

DISPUTED A vulnerability was found in zzdevelop lenosp up to 20230831. It has been classified as problematic. This affects an unknown part of the component Adduser Page. The manipulation of the argument username with the input alert1 leads to cross site scripting. It is possible to initiate the...

5.1CVSS5.6AI score0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/24 7:0 a.m.23 views

CVE-2023-7259 zzdevelop lenosp Adduser Page cross site scripting

DISPUTED A vulnerability was found in zzdevelop lenosp up to 20230831. It has been classified as problematic. This affects an unknown part of the component Adduser Page. The manipulation of the argument username with the input alert1 leads to cross site scripting. It is possible to initiate the...

5.1CVSS3.2AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.5 views

PT-2024-15256 · Zzdevelop · Lenosp

Name of the Vulnerable Software and Affected Versions: zzdevelop lenosp versions up to 20230831 Description: A disputed issue affects an unknown part of the Adduser Page component. The manipulation of the username argument with the input alert1 leads to cross-site scripting. This can be initiated...

5.1CVSS6.1AI score0.00337EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/24 12:0 a.m.10 views

lenosp 跨站脚本漏洞

Lenosp is a Spring Boot 2.0 rapid development modular scaffolding organized by Zhengzhou Programmers zzdevelop in China. A cross-site scripting vulnerability exists in lenosp 20230831 and earlier versions, which stems from a cross-site scripting XSS vulnerability in the username parameter of the...

5.1CVSS3.8AI score0.00337EPSS
Exploits0References3
OSV
OSV
added 2024/03/12 4:15 p.m.3 views

CVE-2024-1529

Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript...

6.1CVSS5.8AI score0.00436EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.6 views

PT-2024-18115 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: The issue arises from insufficient encoding of user-controlled input, leading to a Cross-Site Scripting XSS vulnerability. This can be exploited through the "/admin/adduser.php" API endpoint,...

7.4CVSS5.8AI score0.00436EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2024/02/21 9:42 a.m.286 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Connectwise Screenconnect

How to use I'm using Python3.9 pip install requests...

10CVSS9.6AI score0.99959EPSS
Exploits9
VulnCheck KEV
VulnCheck KEV
added 2024/01/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-17283

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...

7.5CVSS7.1AI score0.66347EPSS
Exploits1References1
NVD
NVD
added 2023/06/20 3:15 p.m.22 views

CVE-2020-21366

Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...

8CVSS8AI score0.00325EPSS
Exploits1References1
OSV
OSV
added 2023/06/20 3:15 p.m.3 views

CVE-2020-21366

Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...

8CVSS5.8AI score0.00325EPSS
Exploits1References1
Prion
Prion
added 2023/06/20 3:15 p.m.17 views

Cross site request forgery (csrf)

Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...

6CVSS8AI score0.00325EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.4 views

PT-2023-11583 · Greencms · Greencms

Name of the Vulnerable Software and Affected Versions: GreenCMS version 2.3 Description: A Cross Site Request Forgery issue allows an attacker to gain privileges via the adduser function of "index.php". Recommendations: For GreenCMS version 2.3, consider disabling the adduser function in...

8CVSS7.5AI score0.00325EPSS
Exploits1References4
CVE
CVE
added 2023/06/20 12:0 a.m.48 views

CVE-2020-21366

GreenCMS v2.3 is affected by a Cross-Site Request Forgery vulnerability that lets an attacker gain privileges via the adduser function in index.php. Root cause appears to be CSRF in the user-creation flow; CVSS v3.1 base score 8.0 (HIGH) with network attack vector, low complexity and user interac...

8CVSS7.9AI score0.00325EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/06/20 12:0 a.m.6 views

GreenCMS 跨站请求伪造漏洞

GreenCMS is a content management system CMS developed on ThinkPHP. A cross-site request forgery vulnerability exists in GreenCMS v.2.3, which originates from a vulnerability that allows an attacker to gain system privileges via the adduser function in index.php...

8CVSS7.6AI score0.00325EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/06/20 12:0 a.m.31 views

CVE-2020-21366

Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...

8AI score0.00325EPSS
Exploits1References1
Kitploit
Kitploit
added 2023/04/16 12:30 p.m.249 views

Nmap-API - Uses Python3.10, Debian, python-Nmap, And Flask Framework To Create A Nmap API That Can Do Scans With A Good Speed Online And Is Easy To Deploy

Uses python3.10, Debian, python-Nmap, and flask framework to create a Nmap API that can do scans with a good speed online and is easy to deploy. This is a implementation for our college PCL project which is still under development and constantly updating. API Reference Get all items GET...

7.5AI score
Exploits0References1
OSV
OSV
added 2023/03/16 3:30 a.m.1 views

GHSA-XG89-VVWP-9C27 Exposure of Sensitive Information in OpenGoofy Hippo4j

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...

6.5CVSS5.8AI score0.00564EPSS
Exploits1References2
Rows per page
Query Builder