343 matches found

Source: OSV
Added 2023/11/06 9:15 p.m. (2 views)

CVE-2023-5771

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 befor...

CVSS 6.1 | AI score 5.8 | EPSS 0.00342
Exploits 0 | References 1
Source: OSV
Added 2023/10/31 10:23 p.m. (23 views)

GHSA-6F58-J323-6472 pimcore/admin-ui-classic-bundle Unverified Password Change

Impact: Because the old password can be set as the new password, this is considered a password-policy violation. Pimcore does not enforce a strict password policy, which allows an attacker to set the old password as the new password. Proof of Concept: 1. Go to the Admin link. 2. Log in and click on "User | My Profile". 3. Go to...

CVSS 4.3 | AI score 5.2 | EPSS 0.00553
Exploits 1 | References 5
Source: NVD
Added 2023/10/30 11:15 a.m. (30 views)

CVE-2023-5844

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...

CVSS 7.2 | AI score 5.2 | EPSS 0.00553
Exploits 1 | References 2
Source: Vulnrichment
Added 2023/10/30 10:08 a.m. (16 views)

CVE-2023-5844 Unverified Password Change in pimcore/admin-ui-classic-bundle

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...

CVSS 4.3 | AI score 6.8 | EPSS 0.00553
Exploits 1 | References 2
Source: CVE
Added 2023/10/30 10:08 a.m. (77 views)

CVE-2023-5844

CVE-2023-5844 affects pimcore/admin-ui-classic-bundle prior to version 1.2.0. The root cause is an unverified password change, allowing an attacker to set an old password as the new one, violating password policy. Documented impact per OSV/GHSA entries indicates a password-policy bypass without e...

CVSS 7.2 | AI score 5.5 | EPSS 0.00553
Exploits 1 | References 2 | Affected Software 1
Source: OSV
Added 2023/10/30 10:08 a.m. (25 views)

CVE-2023-5844 Unverified Password Change in pimcore/admin-ui-classic-bundle

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...

CVSS 4.3 | AI score 4.8 | EPSS 0.00553
Exploits 1 | References 4
Source: CNNVD
Added 2023/10/30 12:00 a.m. (15 views)

Pimcore Security Vulnerability

Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework, and product information management applications. A security vulnerability exists in Pimcore...

CVSS 7.2 | AI score 6.7 | EPSS 0.00553
Exploits 1 | References 3
Source: Veracode
Added 2023/10/26 6:30 a.m. (22 views)

Cross-site Scripting (XSS)

ethyca-fides is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to a lack of proper validation in privacyexperience.py, which results in inadequate verification of privacy policy URLs. This flaw allows an attacker to create a malicious payload in the privacy policy URL. When...

CVSS 5.4 | AI score 6.5 | EPSS 0.00607
Exploits 0 | References 3 | Affected Software 1
Source: NVD
Added 2023/10/25 6:17 p.m. (22 views)

CVE-2023-46125

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

CVSS 6.5 | AI score 6.3 | EPSS 0.00722
Exploits 0 | References 3
Source: NVD
Added 2023/10/25 6:17 p.m. (15 views)

CVE-2023-46126

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

CVSS 5.4 | AI score 4.7 | EPSS 0.00607
Exploits 0 | References 3
Source: Prion
Added 2023/10/25 6:17 p.m. (20 views)

Information disclosure

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

CVSS 4 | AI score 6.3 | EPSS 0.00722
Exploits 0 | References 3 | Affected Software 1
Source: Prion
Added 2023/10/25 6:17 p.m. (16 views)

Design/Logic Flaw

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

CVSS 4.9 | AI score 5.5 | EPSS 0.00607
Exploits 0 | References 3 | Affected Software 1
Source: Veracode
Added 2023/10/25 7:43 a.m. (14 views)

Information Disclosure

ethyca-fides is vulnerable to Information Disclosure. The vulnerability is due to roles.py, which grants the CONFIGREAD scope to roles other than the owner, specifically the VIEWER and VIEWERANDAPPROVER roles. This allows Admin UI users with roles lower than the owner role to retrieve sensitive confi...

CVSS 6.5 | AI score 6.7 | EPSS 0.00722
Exploits 0 | References 3 | Affected Software 1
Source: Cvelist
Added 2023/10/24 10:42 p.m. (28 views)

CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

CVSS 6.5 | AI score 6.5 | EPSS 0.00722
Exploits 0 | References 3
Source: Vulnrichment
Added 2023/10/24 10:42 p.m. (12 views)

CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

CVSS 6.5 | AI score 6.3 | EPSS 0.00722
Exploits 0 | References 3
Source: OSV
Added 2023/10/24 10:42 p.m. (32 views)

CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

CVSS 6.5 | AI score 6.2 | EPSS 0.00722
Exploits 0 | References 5
Source: Vulnrichment
Added 2023/10/24 9:59 p.m. (12 views)

CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

CVSS 3.9 | AI score 6.7 | EPSS 0.00607
Exploits 0 | References 3
Source: Cvelist
Added 2023/10/24 9:59 p.m. (22 views)

CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

CVSS 3.9 | AI score 5.7 | EPSS 0.00607
Exploits 0 | References 3
Source: OSV
Added 2023/10/24 9:59 p.m. (32 views)

CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

CVSS 3.9 | AI score 5.3 | EPSS 0.00607
Exploits 0 | References 5
Source: Github Security Blog
Added 2023/10/24 2:45 a.m. (28 views)

Fides JavaScript Injection Vulnerability in Privacy Center URL

Impact: The Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL, and this input was found to no...

CVSS 5.4 | AI score 6.8 | EPSS 0.00607
Exploits 0 | References 5 | Affected Software 1