20 matches found
CVE-2026-34372
Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without ev...
EUVD-2024-19722
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-45327
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remo...
CVE-2025-0057
SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...
CVE-2024-27899
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both...
CVE-2024-22126
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...
CVE-2025-0057
SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...
CVE-2025-0057 Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)
SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...
CVE-2025-0057
CVE-2025-0057 concerns SAP NetWeaver AS Java (User Admin Application). The issue is a stored cross-site scripting vulnerability where an attacker, posing as an admin, can upload a photo containing malicious JavaScript. When a victim accesses the vulnerable component, the attacker can read and mod...
CVE-2025-0057 Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)
SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...
PT-2025-1183 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java affected versions not specified Description: The issue is related to a stored cross-site scripting vulnerability. An attacker, posing as an administrator, can upload a photo with malicious JavaScript content. When a vict...
CVE-2024-2777
A vulnerability has been found in Campcodes/PHPGurukul Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql...
CVE-2024-22126 Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...
CVE-2024-22126 Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...
CVE-2019-19613
An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request...
CVE-2019-19613
Halvotec RaQuest 10.23.10801.0 admin login page is vulnerable to an Open Redirect. An attacker on the same network can modify the victim’s request to redirect to a malicious site after authentication; fixed in Release 24.2020.20608.0.
CVE-2018-3671
Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information...
CVE-2009-2201
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog...
CVE-2009-2201
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog...
Design/Logic Flaw
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog...