16 matches found
CVE-2019-20521
ERPNext 11.1.47 allows reflected XSS via the PATHINFO to the api/ URI...
CVE-2024-45741
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...
CVE-2024-45741
CVE-2024-45741 affects Splunk Enterprise versions prior to 9.2.3 and 9.1.6, and Splunk Cloud Platform versions prior to 9.2.2403.108 and 9.1.2312.205. A low-privileged user without admin/power roles can inject a malicious payload via a custom configuration file used by the api.uri parameter in th...
Privilege Escalation
jeecg-boot-base-core is vulnerable to Privilege Escalation. The vulnerability exists due to the lack of permission checks in the library, which allows an attacker to gain escalated privileges and view sensitive information such as email, phone and enumerate usernames via API URI:...
Privilege Escalation
jeecg-boot-base-core is vulnerable to Privilege Escalation. The vulnerability exists due to the lack of permission checks in the library, which allows an attacker to gain escalated privilege and view sensitive information such as email, phone and enumerate usernames via API URI:...
Insecure Permissions issue in jeecg-boot
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin...
GHSA-FQP6-FW9G-XPXP Insecure Permissions issue in jeecg-boot
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin...
CVE-2021-37306
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin...
CVE-2021-37306
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin...
Code injection
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin...
Code injection
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin...
CVE-2021-37306
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin...
CVE-2021-37305
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin...
CVE-2019-20521
ERPNext 11.1.47 allows reflected XSS via the PATHINFO to the api/ URI...
CVE-2019-20521
ERPNext 11.1.47 allows reflected XSS via the PATHINFO to the api/ URI...
CVE-2019-20521
ERPNext 11.1.47 allows reflected XSS via the PATHINFO to the api/ URI...