8 matches found
EUVD-2025-206105
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
EUVD-2022-7093
Malicious code in bioql PyPI...
EUVD-2022-7337
Malicious code in bioql PyPI...
CVE-2023-38974
A stored cross-site scripting XSS vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2022-41705
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...
PT-2023-26713 · Badaso · Badaso
Name of the Vulnerable Software and Affected Versions: Badaso version 2.9.7 Description: A stored cross-site scripting XSS issue in the Edit Category function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. Recommendations: For...
CVE-2022-41705
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...
CVE-2022-41711
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...