GHSA-JMV4-73V2-PVGC Cross-site Scripting in OpenNMS Horizon
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since ther...
CVE-2021-25929
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since...
CVE-2021-25933
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since t...
CVE-2021-25929
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since...
Cross site scripting
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since...
Opennms Group OpenNMS Cross-Site Scripting Vulnerability
Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from the US-based Opennms Group. A cross-site scripting vulnerability exists in OpenNMS Horizon, which can be exploited by an attacker to inject arbitrary scripts and trick...
Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin was vulnerable to Stored Cross-Site Scripting (XSS) in the "hotjar script" textarea. The request did include a CSRF nonce that was properly verified by the server, and this vulnerability could only be exploited by administrator users. PoC Step 1: Install and activate the plugin "Hotjar...
Error: "You cannot add apps at this time" on Receiver StoreFront
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Domain users receive the following error after logging in using Receiver for Website: “You cannot a...
CVE-2021-24125
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1 could lead to SQL injection in the wpcf7contactform GET parameter when submitting a filter request as a high privilege user (admin+)...
Citrix Workspace App Assistance for Non-Admins
Click here to download Citrix Workspace App. You have been directed to this article because you have questions about or need assistance with Citrix Workspace app and you are NOT an administrator or technical contact for your organization. As a non-admin user of Citrix Workspace app, you must conta...
Mattermost: [mattermost.com] CORS Misconfiguration leakage of admin users
Summary: CORS policies on pages containing sensitive information should be reviewed to determine whether it is appropriate for the application to trust both the intentions and security posture of any domains granted access. It's possible to get information about the users registered such as: id,...
Opencast Access Control Error Vulnerability
Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. An Access Control Error vulnerability exists in Opencast. The vulnerability stems from allowing the distribution of interludes with strict access rules wi...
CVE-2020-26194
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic...
CVE-2020-23342
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users...
CVE-2020-23342
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users...
Cross site request forgery (csrf)
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users...
CVE-2020-23342
Anchor CMS 0.12.7 contains a CSRF (Cross-Site Request Forgery) flaw in anchor/views/users/edit.php that can change or delete admin users. The CVE description and multiple sources state the vulnerability is triggered via administrative actions performed through a crafted request, with PoC evidence...
Design/Logic Flaw
An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets...
CVE-2020-26028
An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets...
Online Learning Management System 1.0 - Multiple Stored XSS
Exploit Title: Online Learning Management System 1.0 - Multiple Stored XSS Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...