343 matches found
CVE-2023-5771
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 befor...
GHSA-6F58-J323-6472 pimcore/admin-ui-classic-bundle Unverified Password Change
Impact As old password can be set as new password , it is considered as password policy violation. Pimcore is not enforcing strict password policy which allow attacker to set old password as new password Proof of Concept 1. Go to Admin link 2. login and click on - "User | My Profile". 3. Go to...
CVE-2023-5844
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...
CVE-2023-5844 Unverified Password Change in pimcore/admin-ui-classic-bundle
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...
CVE-2023-5844
CVE-2023-5844 affects pimcore/admin-ui-classic-bundle prior to version 1.2.0. The root cause is an unverified password change, allowing an attacker to set an old password as the new one, violating password policy. Documented impact per OSV/GHSA entries indicates a password-policy bypass without e...
CVE-2023-5844 Unverified Password Change in pimcore/admin-ui-classic-bundle
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...
Pimcore Security Vulnerability
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A security vulnerability exists in Pimcore...
Cross-site Scripting (XSS)
ethyca-fides is vulnerable to Cross-site Scripting XSS. The vulnerability is due to a lack of proper validation in the privacyexperience.py , which results in inadequate verification of privacy policy URLs. This flaw allows an attacker to create a malicious payload in the privacy policy URL. When...
CVE-2023-46125
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...
CVE-2023-46126
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...
Information disclosure
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...
Design/Logic Flaw
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...
Information Disclosure
ethyca-fides is vulnerable to Information Disclosure. The vulnerability is due roles.py as it grants the CONFIGREAD scope to roles other than the owner, specifically the VIEWER and VIEWERANDAPPROVER roles. This allows Admin UI users with roles lower than the owner role to retrieve sensitive confi...
CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...
CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...
CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...
CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...
CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...
CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...
Fides JavaScript Injection Vulnerability in Privacy Center URL
Impact The Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL and this input was found to no...