10 matches found
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the getBookmark function. An attacker can retrieve sensitive content from password-protected documents by sending unauthenticated requests to the /api/bookmark/getBookmark endpoint, which improperly authorize...
CVE-2026-34453 SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling...
CVE-2024-8153
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross-site scripting. The attack may be initiated...
PT-2024-38840 · Sourcecodester · Sourcecodester Qr Code Bookmark System
Name of the Vulnerable Software and Affected Versions: SourceCodester QR Code Bookmark System version 1.0. Description: A vulnerability was found in the system, affecting some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the bookmark argument leads to cross-sit...
QR Code Bookmark System cross-site scripting vulnerability
QR Code Bookmark System is a QR code bookmark system by the individual developer rems. A cross-site scripting vulnerability exists in SourceCodester QR Code Bookmark System version 1.0, which originates from a cross-site scripting vulnerability in the tblbookmarkid/name/url parameter of the...
PT-2024-38841 · Sourcecodester · Sourcecodester Qr Code Bookmark System
Name of the Vulnerable Software and Affected Versions: SourceCodester QR Code Bookmark System version 1.0. Description: A vulnerability has been found in the SourceCodester QR Code Bookmark System. The issue affects an unknown function of the file /endpoint/update-bookmark.php of the component...
PT-2024-38839 · Unknown · Sourcecodester Qr Code Bookmark System
Name of the Vulnerable Software and Affected Versions: SourceCodester QR Code Bookmark System version 1.0. Description: A vulnerability was found in the SourceCodester QR Code Bookmark System, affecting the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the...
QR Code Bookmark System cross-site scripting vulnerability
QR Code Bookmark System is a QR code bookmark system by the individual developer rems. A cross-site scripting vulnerability exists in version 1.0 of the QR Code Bookmark System, which is caused by a cross-site scripting vulnerability in the name/url parameter of the /endpoint/add-bookmark.php file...
PT-2024-27869 · Sourcecodester · Sourcecodester Qr Code Bookmark System
Name of the Vulnerable Software and Affected Versions: SourceCodester QR Code Bookmark System version 1.0. Description: A critical issue has been found in the system, affecting the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the bookmark argument leads to SQL injection. This...
SourceCodester QR Code Bookmark System security vulnerability
QR Code Bookmark System is a QR code bookmark system by the individual developer rems. A security vulnerability exists in SourceCodester QR Code Bookmark System version 1.0, which stems from a SQL injection caused by the parameter bookmark in the file /endpoint/delete-bookmark.php?bookmark=1...