341 matches found

RedHat Linux
added 2023/03/01 10:2 p.m. · 4 views

keycloak: HTML injection in execute-actions-email Admin REST API

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...

CVSS 5.4 · AI score 6.3 · EPSS 0.00993
Exploits 0 · References 5
OSV
added 2023/03/01 5:58 p.m. · 6 views

GHSA-M4FV-GM5M-4725 HTML Injection in Keycloak Admin REST API

The execute-actions-email endpoint of the Keycloak Admin REST API allows a malicious actor to send emails containing phishing links to Keycloak users...

CVSS 5.4 · AI score 6.4 · EPSS 0.00993
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 5:45 a.m. · 2 views

SUSE CVE-2012-3542

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

CVSS 4.3 · AI score 7.2 · EPSS 0.01949
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:37 a.m. · 2 views

SUSE CVE-2017-16818

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgwiampolicy.cc, rgw/rgwbasictypes.h,...

CVSS 7.5 · AI score 6.6 · EPSS 0.00587
Exploits 0 · References 7
Prion
added 2022/12/18 11:15 a.m. · 15 views

Cross site scripting

A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/api/theme-edit/ of the component Product Handler. The manipulation of the argument Subheading/Heading/Text/Button Text/Label leads to cross...

CVSS 4.9 · AI score 5.2 · EPSS 0.00272
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/11/23 12:0 a.m. · 3 views

PT-2022-8678 · Optilink · Optilink Op-Xt71000N

Name of the Vulnerable Software and Affected Versions: OPTILINK OP-XT71000N version V2.2, Firmware Version: OP V3.3.1-191028. Description: A remote attacker can conduct a cross-site request forgery (CSRF) attack due to insufficient CSRF protections for the "mgm config file.asp" file. This allows an...

CVSS 8.8 · AI score 7.2 · EPSS 0.00214
Exploits 0 · References 4
CNVD
added 2022/09/29 12:0 a.m. · 47 views

Strapi SQL Injection Vulnerability

Strapi is an open source content management system (CMS). Versions of Strapi prior to 3.6.10, and 4.0.0 and later prior to 4.1.10, contain a SQL injection vulnerability that stems from its incorrect handling of hidden attributes in admin API responses. An attacker could exploit the vulnerabilit...

CVSS 8.8 · AI score 3.5 · EPSS 0.00665
Exploits 2 · References 1
Veracode
added 2022/09/28 8:32 a.m. · 28 views

Information Disclosure

strapi is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of the attributes within admin API responses allowing an attacker to exploit the vulnerability use the information for malicious intent...

CVSS 8.8 · AI score 8 · EPSS 0.00665
Exploits 2 · References 6 · Affected Software 1
OSV
added 2022/09/28 12:0 a.m. · 15 views

GHSA-4PHG-HPQM-C3J4 Strapi mishandles hidden attributes within admin API responses

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 8.8 · AI score 8.7 · EPSS 0.00665
Exploits 2 · References 7
Github Security Blog
added 2022/09/28 12:0 a.m. · 37 views

Strapi mishandles hidden attributes within admin API responses

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 8.8 · AI score 8.4 · EPSS 0.00665
Exploits 2 · References 7 · Affected Software 2
OSV
added 2022/09/27 11:15 p.m. · 22 views

CVE-2022-31367

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 8.8 · AI score 8.8 · EPSS 0.00665
Exploits 2 · References 3
Prion
added 2022/09/27 11:15 p.m. · 16 views

Design/Logic Flaw

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 6.5 · AI score 8.7 · EPSS 0.00665
Exploits 2 · References 3 · Affected Software 1
CVE
added 2022/09/27 1:2 p.m. · 372 views

CVE-2022-31367

Strapi CMS (versions prior to 3.6.10 and 4.x prior to 4.1.10) is affected by a SQL injection vulnerability caused by incorrect handling of hidden attributes in admin API responses. This design/logic flaw allows an attacker to exfiltrate database data. Remediation: upgrade to Strapi 3.6.10 or 4.1....

CVSS 8.8 · AI score 8.6 · EPSS 0.00665
Exploits 2 · References 3 · Affected Software 1
Cvelist
added 2022/09/27 1:2 p.m. · 11 views

CVE-2022-31367

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

AI score 9 · EPSS 0.00665
Exploits 2 · References 3
Positive Technologies
added 2022/09/27 12:0 a.m. · 1 views

PT-2022-20719 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: Strapi versions 3.x through 3.6.9; Strapi versions 4.x through 4.1.9. Description: The issue concerns the mishandling of hidden attributes within admin API responses. Recommendations: For Strapi versions 3.x through 3.6.9, update to version...

CVSS 8.8 · AI score 8.6 · EPSS 0.00665
Exploits 2 · References 11
Positive Technologies
added 2022/09/09 12:0 a.m. · 3 views

PT-2022-23199

Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 0.15.1. Description: The issue is related to Improper Authorization functions, which allow non-privileged users to run privileged API calls. If users without admin privileges are added to the Netmaker platform, they ca...

CVSS 8.8 · AI score 7.2 · EPSS 0.00298
Exploits 0 · References 11
Vulnrichment
added 2022/08/01 12:0 a.m. · 8 views

CVE-2022-35919 Authenticated requests for server update admin API allows path traversal in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...

CVSS 7.4 · AI score 7.6 · EPSS 0.13567
Exploits 4 · References 4
Cvelist
added 2022/08/01 12:0 a.m. · 19 views

CVE-2022-35919 Authenticated requests for server update admin API allows path traversal in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...

CVSS 7.4 · AI score 7.5 · EPSS 0.13567
Exploits 4 · References 4
OSSF Malicious Packages
added 2022/06/20 8:23 p.m. · 3 views

Malicious code in dklive-admin-api (npm)

--- -= Per source details. Do not edit below this line. =- Source: ghsa-malware f25b6aa3df8e64492212034b89f7b8436a8308890075a12f901ebdc6794d2c75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2022/06/20 8:23 p.m. · 4 views

MAL-2022-2535 Malicious code in dklive-admin-api (npm)

--- -= Per source details. Do not edit below this line. =- Source: ghsa-malware f25b6aa3df8e64492212034b89f7b8436a8308890075a12f901ebdc6794d2c75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1