6 matches found
CVE-2026-22797
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...
Onest CRM Cross-Site Scripting Vulnerability
Onest CRM is a CRM system from Onest Corporation. A cross-site scripting vulnerability exists in Onest CRM version 1.0. It stems from the parameter name in the file /admin/project/update/2, which can lead to cross-site scripting...
PT-2023-25116 · Onest Crm · Onest Crm
Name of the Vulnerable Software and Affected Versions: Onest CRM version 1.0
Description: A problematic issue was found in Onest CRM, affecting an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input alert1...
PT-2022-21133 · Bytebase · Bytebase
Name of the Vulnerable Software and Affected Versions: Bytebase affected versions not specified
Description: The Bytebase application does not restrict low privilege users from accessing admin projects, allowing unauthorized users to view projects created by Admin. The affected endpoint is...
CVE-2020-29053
HRSALE 2.0.0 allows XSS via the admin/project/projectscalendar setdate parameter...
CVE-2006-6575
The vulnerability CVE-2006-6575 affects the Yet Another PHP LDAP Admin Project (yaplap) versions 0.6 and 0.6.1, where a PHP remote file inclusion is possible via the LOGIN_style parameter, enabling remote code execution. The root cause is an unsafe handling of user-supplied URL input in that para...