Lucene search
K

18 matches found

OSV
OSV
added 2024/10/22 10:15 p.m.5 views

CVE-2024-48415

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting XSS via a crafted payload to the lastname, firstname, middlename, address, contactno, email and taxid parameters in new borrowers functionality on the Borrowers page...

5CVSS5.8AI score0.00356EPSS
Exploits0References1
NVD
NVD
added 2024/10/22 10:15 p.m.15 views

CVE-2024-48415

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting XSS via a crafted payload to the lastname, firstname, middlename, address, contactno, email and taxid parameters in new borrowers functionality on the Borrowers page...

5CVSS0.00356EPSS
Exploits0References1
CVE
CVE
added 2024/10/22 12:0 a.m.63 views

CVE-2024-48415

The connected documents confirm CVE-2024-48415 affects itsourcecode Loan Management System v1.0, with a Cross Site Scripting (XSS) vulnerability exploitable via a crafted payload passed to the lastname, firstname, middlename, address, contact_no, email, and tax_id fields in the New Borrowers page...

5CVSS5.9AI score0.00356EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/22 12:0 a.m.21 views

CVE-2024-48415

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting XSS via a crafted payload to the lastname, firstname, middlename, address, contactno, email and taxid parameters in new borrowers functionality on the Borrowers page...

5.9AI score0.00356EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/22 12:0 a.m.5 views

PT-2024-33101 · Itsourcecode · Itsourcecode Alton Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Loan Management System version 1.0 Description: The issue is related to Cross Site Scripting XSS via a crafted payload to the lastname, firstname, middlename, address, contact no, email, and tax id parameters in the new borrowers...

5CVSS5.4AI score0.00356EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/22 12:0 a.m.3 views

itsourcecode Loan Management System 跨站脚本漏洞

itsourcecode Loan Management System is a loan management system from itsourcecode, Inc. A security vulnerability exists in itsourcecode Loan Management System v1.0, which originates in the New Borrower feature on the Borrowers page, where a well-constructed payload passed through various paramete...

5CVSS6.1AI score0.00356EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/22 12:0 a.m.20 views

CVE-2024-48415

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting XSS via a crafted payload to the lastname, firstname, middlename, address, contactno, email and taxid parameters in new borrowers functionality on the Borrowers page...

0.00356EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.9 views

reclaimLiquidity() Malicious borrowers can force LPs to be unable to retrieve Liquidity by closing and reopening the Position before it expires.

Lines of code Vulnerability details Vulnerability details If LP wants to retrieve the Liquidity that has been lent out, it can set a renewalCutoffTime through reclaimLiquidity. If the borrower does not voluntarily close, liquidatePosition can be used to forcibly close the position after the loan...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.12 views

In some pools, borrowers can maliciously prevent liquidatePosition()

Lines of code Vulnerability details Vulnerability details in liquidatePosition At the end of the liquidation, the liquidation fee will be transferred to the liquidator. function liquidatePosition DataStruct.ClosePositionParams calldata params, address borrower external override nonReentrant...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.9 views

potential griefing attack on deployMarket

Lines of code Vulnerability details Impact potential griefing attack on deployMarket by malicious borrowers Proof of Concept when borrwer try to deployMarket , malicious borrower see paramenters of the deploymarket in transaction pool, take those parameters and deploy market by front runnning...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.8 views

Malicious initial reserve ratio can be used to rug lenders collateral

Lines of code Vulnerability details Impact Wildcat protocol provides borrowers the ability to adjust annual interest BIPs after market deployment. In order to protect lenders the protocol increases the reserve ratio of ratio of the market to 90% for two weeks. The increased reserve ratio allows...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.18 views

BORROWERS CAN AVOID LIQUIDATIONS, IF ERC777 TOKEN IS CONFIGURED AS AN emissionToken

Lines of code Vulnerability details Impact If a borrower is undercollateralized then he can be liquidated by a liquidator by calling the MErc20.liquidateBorrow function. liquidateBorrow function calls the MToken.liquidateBorrowFresh in its execution process. Inside the liquidateBorrowFresh functi...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/02 12:0 a.m.7 views

Attacker can spam addCredit() function to cause a denial-of-service during an auction

Lines of code Vulnerability details The ParticleExchange contract does not store any data about the lien in the contract storage. Instead, users must send the entire Lien struct when interacting with any existing lien, and the contract checks if the hash of the struct is correct. This poses a...

6.4AI score
Exploits0
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.11 views

Borrowers can be liquidated before default by being based on the borrowBalance from other pools

Lines of code Vulnerability details Impact Borrower can be liquidated before default based on the borrowBalance from other pools. In the liquidity snapshot, borrows from other pools are added as total borrow but the collateral that is used which might not be used as collateral for the poolfor the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/20 12:0 a.m.14 views

Borrowers may earn auction proceeds without filling the debt shortfall

Lines of code Vulnerability details Impact The proceeds from the collateral auctions will not be used to fill the debt shortfall, but be transferred directly to the borrower. Proof of Concept Assume N is an allowed NFT, B is a borrower, the vault V is vaultInfoBN: 1. B add two NFTsN-1 and N-2 as...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/17 12:0 a.m.16 views

Deployment of pairs with no oracles

Lines of code Vulnerability details The constructor allows both oracle options oracleMultiply and oracleDivide to be set to zero. A pair could be deployed with no oracle maliciously or unintentionally. Impact Borrowers would not be impacted by fluctuations in values of collateral or assets and...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2018/10/18 12:0 a.m.5 views

PT-2018-4384

Name of the Vulnerable Software and Affected Versions Koha versions 3.14.x through 3.14.15 Koha versions 3.16.x through 3.16.11 Koha versions 3.18.x through 3.18.07 Koha versions 3.20.x through 3.20.0 Description The issue allows remote attackers to execute arbitrary SQL commands via the number...

9.8CVSS9AI score0.06022EPSS
Exploits8References13
ThreatPost
ThreatPost
added 2015/11/20 7:29 a.m.15 views

Department of Education Lambasted Over Database Vulnerabilities

Like the Office of Personnel Management before it, the Department of Education has failed to heed repeated warnings that its systems contain multiple weaknesses. In a House Committee on Oversight and Government Reform hearing held this week, Congressman and committee chair Jason Chaffetz R-Utah...

7.2AI score
Exploits0References5
Rows per page
Query Builder