72 matches found
EUVD-2022-0590
Malicious code in bioql PyPI...
EUVD-2022-0541
Malicious code in bioql PyPI...
EUVD-2022-0437
Malicious code in bioql PyPI...
EUVD-2022-0720
Malicious code in bioql PyPI...
EUVD-2022-0633
Malicious code in bioql PyPI...
EUVD-2022-27262
Malicious code in bioql PyPI...
CVE-2022-22108
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the absences of all users in the system including administrators. This type of user is not authorized to view this kind of...
CVE-2022-22107
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...
CVE-2022-22109
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting XSS vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...
CVE-2022-22111
In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the application who has update user permission enabled is able to change the password of other users, including the administrator’s. This allows the attacker to gain access to the highest privileged use...
CVE-2022-22110
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...
Insecure Session
DayByDay CRM has insecure session. The vulnerability exists due to the lack of sufficient session expiry restriction when a user change password, allowing the user to still continue the same session...
CVE-2022-22113
In DayByDay CRM, versions 2.2.0 through 2.2.1 latest are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed...
CVE-2022-22112
In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...
Session fixation
In DayByDay CRM, versions 2.2.0 through 2.2.1 latest are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed...
Design/Logic Flaw
In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...
CVE-2022-22113 DayByDay CRM - Insufficient Session Expiration after Password Change
In DayByDay CRM, versions 2.2.0 through 2.2.1 latest are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed...
CVE-2022-22113
CVE-2022-22113 affects DayByDay CRM versions 2.2.0 through 2.2.1 (latest). The root issue is Insufficient Session Expiration: after a user or administrator changes a password, an already-logged-in session can continue to access the application. The impact is high for confidentiality, integrity, a...
CVE-2022-22113 DayByDay CRM - Insufficient Session Expiration after Password Change
In DayByDay CRM, versions 2.2.0 through 2.2.1 latest are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed...
CVE-2022-22112
CVE-2022-22112 affects DayByDay CRM, versions 1.1–2.2.1. The issue is an application-wide Client-Side Template Injection (CSTI) that allows a low-privileged attacker to input template payloads at multiple locations to execute JavaScript in the client browser. The primary sources describe the vuln...