345 matches found
GHSA-246P-XMG8-WMCQ OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
Summary A security vulnerability exists in oneuptime's local storage handling, where a regular user can escalate privileges by modifying the ismasteradmin key to true. This allows unauthorized access to administrative functionalities. Details The vulnerability lies in the improper validation of...
Weak Password Requirements
Weak password requirements are password policies that are too lax and allow users to create passwords that are easy to guess or crack. This can make it easier for attackers to gain unauthorized access to accounts and systems. It was discovered that the validation takes place only on the client si...
CVE-2023-35901
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380...
Input validation
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380...
CVE-2023-35901 IBM Robotic Process Automation security bypass
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380...
CVE-2023-35901
IBM Robotic Process Automation (RPA) is affected by CVE-2023-35901 due to a client-side validation bypass in specific builds. Affected versions include IBM RPA 21.0.0–21.0.7.6 and 23.0.0–23.0.6. The underlying issue allows invalid changes or values to be accepted in certain fields via the client-...
Security Bulletin: IBM Robotic Process Automation is vulnerable to client side validation bypass (CVE-2023-35901)
Summary IBM Robotic Process Automation is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. CVE-2023-35901 Vulnerability Details CVEID:CVE-2023-35901 DESCRIPTION: IBM Robotic Process Automation is vulnerable to client side validation bypass...
Medicine Tracker System 跨站脚本漏洞
Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in Medicine Tracker System. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...
CVE-2022-46773
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951...
CVE-2022-46773
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951...
Input validation
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951...
CVE-2022-46773 IBM Robotic Process Automation security bypass
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951...
CVE-2022-46773
IBM Robotic Process Automation (IBM RPA) versions 21.0.0–21.0.7 and 23.0.0 are affected by a client-side validation bypass in credential pools, which may allow creation of invalid credential pools. The issue’s root cause is client-side validation bypass for credential pools; impact is potential m...
PT-2023-15023 · Ibm · Ibm Robotic Process Automation
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.7 IBM Robotic Process Automation version 23.0.0 Description: The issue concerns a client-side validation bypass for credential pools, which may result in the creation of invalid...
CVE-2023-0581
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...
CVE-2023-0581
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...
Design/Logic Flaw
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...
CVE-2023-0581 PrivateContent <= 8.4.3 - Protection Mechanism Bypass
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...
CVE-2023-0581
CVE-2023-0581 affects the PrivateContent WordPress plugin (up to version 8.4.3). Root cause: login protection relies on client-side validation to determine blocklisted IPs, allowing unauthenticated bypass of login restrictions. Impact is the potential to brute-force login bypass. Mitigation: upda...
CVE-2023-0581 PrivateContent <= 8.4.3 - Protection Mechanism Bypass
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...