152 matches found
CVE-2024-36399
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The users permission to add users to a project only get checked on the URL parameter projectid. If the user is authorized to add users to...
CVE-2024-36399 Kanboard affected by Project Takeover via IDOR in ProjectPermissionController
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The users permission to add users to a project only get checked on the URL parameter projectid. If the user is authorized to add users to...
PT-2024-26969 · Kanboard +1 · Kanboard +1
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.37 Description: The issue is related to the Kanban methodology-based project management software, Kanboard. It involves a vulnerability in the addUser function within the ProjectPermissionController.php file...
CVE-2023-7259 zzdevelop lenosp Adduser Page cross site scripting
DISPUTED A vulnerability was found in zzdevelop lenosp up to 20230831. It has been classified as problematic. This affects an unknown part of the component Adduser Page. The manipulation of the argument username with the input alert1 leads to cross site scripting. It is possible to initiate the...
CVE-2023-7259 zzdevelop lenosp Adduser Page cross site scripting
DISPUTED A vulnerability was found in zzdevelop lenosp up to 20230831. It has been classified as problematic. This affects an unknown part of the component Adduser Page. The manipulation of the argument username with the input alert1 leads to cross site scripting. It is possible to initiate the...
PT-2024-15256 · Zzdevelop · Lenosp
Name of the Vulnerable Software and Affected Versions: zzdevelop lenosp versions up to 20230831 Description: A disputed issue affects an unknown part of the Adduser Page component. The manipulation of the username argument with the input alert1 leads to cross-site scripting. This can be initiated...
lenosp 跨站脚本漏洞
Lenosp is a Spring Boot 2.0 rapid development modular scaffolding organized by Zhengzhou Programmers zzdevelop in China. A cross-site scripting vulnerability exists in lenosp 20230831 and earlier versions, which stems from a cross-site scripting XSS vulnerability in the username parameter of the...
CVE-2024-1529
Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript...
PT-2024-18115 · Unknown · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.14 Description: The issue arises from insufficient encoding of user-controlled input, leading to a Cross-Site Scripting XSS vulnerability. This can be exploited through the "/admin/adduser.php" API endpoint,...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Connectwise Screenconnect
How to use I'm using Python3.9 pip install requests...
VulnCheck KEV: CVE-2018-17283
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...
CVE-2020-21366
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...
CVE-2020-21366
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...
Cross site request forgery (csrf)
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...
PT-2023-11583 · Greencms · Greencms
Name of the Vulnerable Software and Affected Versions: GreenCMS version 2.3 Description: A Cross Site Request Forgery issue allows an attacker to gain privileges via the adduser function of "index.php". Recommendations: For GreenCMS version 2.3, consider disabling the adduser function in...
CVE-2020-21366
GreenCMS v2.3 is affected by a Cross-Site Request Forgery vulnerability that lets an attacker gain privileges via the adduser function in index.php. Root cause appears to be CSRF in the user-creation flow; CVSS v3.1 base score 8.0 (HIGH) with network attack vector, low complexity and user interac...
GreenCMS 跨站请求伪造漏洞
GreenCMS is a content management system CMS developed on ThinkPHP. A cross-site request forgery vulnerability exists in GreenCMS v.2.3, which originates from a vulnerability that allows an attacker to gain system privileges via the adduser function in index.php...
CVE-2020-21366
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...
Nmap-API - Uses Python3.10, Debian, python-Nmap, And Flask Framework To Create A Nmap API That Can Do Scans With A Good Speed Online And Is Easy To Deploy
Uses python3.10, Debian, python-Nmap, and flask framework to create a Nmap API that can do scans with a good speed online and is easy to deploy. This is a implementation for our college PCL project which is still under development and constantly updating. API Reference Get all items GET...
GHSA-XG89-VVWP-9C27 Exposure of Sensitive Information in OpenGoofy Hippo4j
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...