19 matches found
EUVD-2024-27584
Malicious code in bioql PyPI...
EUVD-2024-27585
Malicious code in bioql PyPI...
CVE-2024-2636
An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicious files to the server via '/config/espanol/updatepassword.jsp' file. Modifying the 'M4NEWPASSWORD' parameter, an attacker could store a malicious JSP file inside the file...
CVE-2024-2635
The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...
CVE-2024-2636 Multiple vulnerabilities on Meta4 HR from Cegid
An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicious files to the server via '/config/espanol/updatepassword.jsp' file. Modifying the 'M4NEWPASSWORD' parameter, an attacker could store a malicious JSP file inside the file...
CVE-2024-2636
The CVE-2024-2636 issue affects Cegid Meta4 HR and is an Unrestricted Upload of File vulnerability. An attacker can upload malicious files via the path /config/espanol/update_password.jsp by modifying the M4_NEW_PASSWORD parameter, enabling a potentially executed JSP file when loaded by the appli...
CVE-2024-2636 Multiple vulnerabilities on Meta4 HR from Cegid
An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicious files to the server via '/config/espanol/updatepassword.jsp' file. Modifying the 'M4NEWPASSWORD' parameter, an attacker could store a malicious JSP file inside the file...
CVE-2024-2635 Multiple vulnerabilities on Meta4 HR from Cegid
The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...
CVE-2024-2635 Multiple vulnerabilities on Meta4 HR from Cegid
The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...
CVE-2024-2635
CVE-2024-2635 affects Cegid Meta4 HR. The root issue is that configuration pages are exposed on an Internet-facing web server, revealing file paths to the client. This is described as a vulnerability in the product’s configuration pages, with a CVSS 3.1 base score of 7.3 (NETWORK, LOW complexity...
CVE-2024-2634 Multiple vulnerabilities on Meta4 HR from Cegid
A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/ssegenerico/genericologin.jsp' is vulnerable to XSS attack via 'lang' query, i.e. '/ssegenerico/genericologin.jsp?lang=%27%3balert%27BLEUSS%27%2f%2f&params='...
CVE-2024-2634 Multiple vulnerabilities on Meta4 HR from Cegid
A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/ssegenerico/genericologin.jsp' is vulnerable to XSS attack via 'lang' query, i.e. '/ssegenerico/genericologin.jsp?lang=%27%3balert%27BLEUSS%27%2f%2f&params='...
CVE-2024-2633 Multiple vulnerabilities on Meta4 HR from Cegid
A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sitetest/english/dumpenv.jsp' is vulnerable to XSS attack by 'lang' query, i.e. '/sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert1%3E&params'...
CVE-2024-2633 Multiple vulnerabilities on Meta4 HR from Cegid
A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sitetest/english/dumpenv.jsp' is vulnerable to XSS attack by 'lang' query, i.e. '/sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert1%3E&params'...
Meta4 HR security breach
Cegid Meta4 HR is a human resource management (HRM) software platform from Cegid Corporation. A security vulnerability exists in Meta4 HR version 819.001.022 and prior versions, which stems from a configuration page being placed on an Internet-facing web server, resulting in a file path being expos...
Meta4 HR Cross-Site Scripting Vulnerability
Cegid Meta4 HR is a human resource management (HRM) software platform from Cegid. A cross-site scripting (XSS) vulnerability exists in Meta4 HR version 819.001.022 and earlier, which stems from an XSS vulnerability in the endpoint /segenerico/genericologin.jsp...
PT-2024-21368 · Cegid · Cegid Meta4 Hr
Name of the Vulnerable Software and Affected Versions: Cegid Meta4 HR affected versions not specified Description: An Unrestricted Upload of File issue allows an attacker to upload malicious files to the server via the "/config/espanol/update password.jsp" file. By modifying the M4 NEW PASSWORD...
cegid.fr XSS vulnerability
Vulnerable URL: http://www.cegid.fr/Recherche/Recherche.aspx?r=%3C/span%3E%3Cscript%3Ealert%27OPENBUGBOUNTY%27%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 301005 VIP website status:| No Check...
cegid.com XSS vulnerability
Vulnerable URL: http://www.cegid.com/sinequa/search?SearchText=999%22%3E%3Csvg%2Fonload%3Dprompt%28%2FXSSPOSED%2F%29%3E= Details: Description| Value ---|--- Patched:| Yes, at 04.11.2016 Latest check for patch:| 04.11.2016 15:04 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclose...