43 matches found
CVE-2021-47743 COMMAX Biometric Access Control System 1.0.0 Reflected XSS via Cookie Parameters
COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMXADMINNM' and 'CMXCOMPLEXNM'. Attackers can inject malicious HTML and JavaScript code into these cookie values to execute arbitrary scripts in a victim's...
WordPress ContentMX Content Publisher plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress ContentMX Content Publisher plugin that stems from the cmxactivateconnection function not adequately verifying...
EUVD-2019-10202
Malware in sbrugna...
EUVD-2021-6989
Malicious code in bioql PyPI...
EUVD-2021-6610
Malicious code in bioql PyPI...
CVE-2025-9889 ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery
The ContentMX Content Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the cmxactivateconnection function. This makes it possible for unauthenticated attackers to bind...
CVE-2021-1522
A vulnerability in the change password API of Cisco Connected Mobile Experiences CMX could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability...
Design/Logic Flaw
A vulnerability in the change password API of Cisco Connected Mobile Experiences CMX could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability...
CVE-2021-1522 Cisco Connected Mobile Experiences Strong Authentication Requirements Enforcement Bypass
A vulnerability in the change password API of Cisco Connected Mobile Experiences CMX could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability...
CVE-2021-1522
CVE-2021-1522 describes a weakness in Cisco Connected Mobile Experiences (CMX) where the server-side change-password API does not sufficiently enforce the configured password policy. An authenticated, remote attacker could use a crafted API request to change their own password to a value that vio...
CMX-TCP/IP Stack - FTP Detection
Binary data cmxtcpipstackftpdetect.nbin...
CVE-2021-1144
A vulnerability in Cisco Connected Mobile Experiences CMX could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An...
CVE-2021-1143
A vulnerability in Cisco Connected Mobile Experiences CMX API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this...
Design/Logic Flaw
A vulnerability in Cisco Connected Mobile Experiences CMX API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this...
Authorization
A vulnerability in Cisco Connected Mobile Experiences CMX could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An...
CVE-2021-1144 Cisco Connected Mobile Experiences Privilege Escalation Vulnerability
A vulnerability in Cisco Connected Mobile Experiences CMX could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An...
CVE-2021-1144
CVE-2021-1144 (CMX Privilege Escalation) affects Cisco Connected Mobile Experiences (CMX). The issue is an authorization-check flaw in password-change handling that allows a remote, authenticated user without administrative privileges to alter the password of any user, including admins, by sendin...