CVE-2024-42834
A stored cross-site scripting XSS vulnerability in the Create Customer API in Incognito Service Activation Center SAC UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Create User process, which involves uploading a profile image. An attacker can exploit this by uploading a malicious SVG file containing a maliciously crafted script, which executes when the profile...
GHSA-CGR4-C233-H733 UnoPim Stored XSS : Cookie hijacking through Create User function
Summary A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to...
CVE-2024-52305 UnoPim Stored XSS : Cookie hijacking through Create User function
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...
CVE-2024-52305
CVE-2024-52305 affects UnoPim (Laravel). The issue resides in the Create User flow, where uploading a profile image (notably SVG) can execute embedded scripts, enabling a stored XSS that can steal cookies and potentially hijack sessions. Affected versions include the UnoPim releases prior to the ...
baltic-it TOPqw Webportal Security Vulnerability
baltic-it TOPqw Webportal is a web application developed by a social service provider of the German company baltic-it. It can be used to publicly view information about various facilities. A security vulnerability exists in baltic-it TOPqw Webportal version 1.35.287.1, which stems from a SQL...
PT-2024-28833 · Cybele · Thinfinity Workspace
Name of the Vulnerable Software and Affected Versions: Cybele Software Thinfinity Workspace versions prior to 7.0.2.113 Description: The issue is related to an access control problem in the Create Profile section, allowing attackers to create arbitrary user profiles with elevated privileges. This...
PT-2024-35166 · Unopim · Unopim
Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.1.5 Description: A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...
The vulnerability of the Create MyConfig (CMC) utility in Siemens Sinumerik programmable logic controllers allows a perpetrator to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability in the Create MyConfig (CMC) utility in Siemens Sinumerik programmable logic controllers is related to the disclosure of information through log (registration) files. Exploiting this vulnerability can allow attackers to circumvent security restrictions and gain...
CVE-2024-40408
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges...
CVE-2024-45875
The CVE concerns baltic-it TOPqw Webportal 1.35.287.1, with a fix in 1.35.291. The vulnerability exists in the create user function at /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, where the JSON object username enables SQL query manipulation. This is a SQL injection in the user-creation path,...
CVE-2024-9842
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders...
kernel: net/mlx5e: fix a double-free in arfs_create_groups
A double-free vulnerability was found in the arfs_create_groups function in the Linux kernel's net/mlx5e driver. This issue could lead to memory corruption or a system crash if exploited, as freeing the same memory twice may cause undefined behavior...
SUSE CVE-2024-50243
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix general protection fault in run_is_mapped_full. Fixed deleting of a non-resident attribute in ntfs_create_inode rollback...
DEBIAN-CVE-2024-50243
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix general protection fault in run_is_mapped_full. Fixed deleting of a non-resident attribute in ntfs_create_inode rollback...