Bonita Web 2021.2 - Authentication/Authorization Bypass

Bonita Web 2021.2 contains an authentication/authorization bypass vulnerability caused by an overly broad exclude pattern in RestAPIAuthorizationFilter, allowing unauthenticated users to access privileged API endpoints by appending ;i18ntranslation or /../i18ntranslation/ to the URL. id:...

Bonita BPM Portal <6.5.3 - Local File Inclusion

Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. id: CVE-2015-3897 info: name: Bonita BPM Portal 6.5.3 - Local File Inclusion author: 0xAkoko severity:...

EUVD-2015-3933

Malware in sbrugna...

CVE-2024-27609

Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel...

CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...

CVE-2020-36640

A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external...

VulnCheck KEV: CVE-2015-3897

Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource...

Insecure Direct Object Reference (IDOR)

org.bonitasoft.engine, bonita-server is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to the absence of dynamic permissions, which previously existed only in the Subscription edition and were not customizable in the Community edition...

VulnCheck KEV: CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...

GHSA-8VJ9-5V5Q-FHCH Bonita cross-site scripting vulnerability

Bonita before 10.1.0.W11 allows stored XSS via a UI screen in the administration panel...

Bonita cross-site scripting vulnerability

Bonita before 10.1.0.W11 allows stored XSS via a UI screen in the administration panel...

CVE-2024-27609

Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel...

CVE-2024-27609

The CVE-2024-27609 entry concerns Bonita before 2023.2-u2 (Bonita Web) with a stored XSS flaw in an administration-panel UI screen. Multiple connected sources corroborate a stored XSS due to inadequate input validation on the UI, enabling script execution. Public details specify affected versions...

CVE-2024-27609

Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel...

CVE-2024-27609

Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel...

Bonitasoft Bonita Web 安全漏洞

Bonitasoft Bonita Web is an open source business process management and low-code development platform for the Bonitasoft community. A security vulnerability exists in Bonitasoft Bonita Web versions prior to 2023.2-u2, which stems from a stored cross-site scripting attack that is allowed via a UI...

CVE-2020-36640

A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external...

CVE-2020-36640

A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external...

Xxe

A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external...

CVE-2020-36640 bonitasoft bonita-connector-webservice SecureWSConnector.java TransformerConfigurationException xml external entity reference

A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external...