368 matches found
PT-2024-28906 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...
CVE-2024-40541
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...
CVE-2024-40540
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...
CVE-2024-40540
CVE-2024-40540 affects my-springsecurity-plus prior to version 2024.07.03. The vulnerability is a SQL injection via the dataScope parameter in /api/dept. Reports from Red Hat and other sources confirm the same description across multiple feeds. The CVSS metrics indicate high impact to confidentia...
CVE-2024-40541
Summary: CVE-2024-40541 affects my-springsecurity-plus prior to v2024.07.03, with a SQL injection vulnerability exposed via the dataScope parameter at the /api/dept/build endpoint. What’s vulnerable: my-springsecurity-plus components handling the dataScope input for that API path. Root cause / im...
CVE-2024-6681
A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...
CVE-2024-6681 witmy my-springsecurity-plus dept sql injection
A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...
CVE-2024-6680
A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...
CVE-2024-6680
A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...
my-springsecurity-plus Security Vulnerabilities
my-springsecurity-plus is a SpringBoot and SpringSecurity based RBAC backend privilege management system by codermy individual developer. A security vulnerability exists in my-springsecurity-plus prior to 2024.07.03, which stems from some unknown functionality in file/api/dept, where manipulation...
PT-2024-37796 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus up to 2024-07-04 Description: A critical issue was found in the software, affecting an unknown functionality of the file "/api/dept/build". The manipulation of the params.dataScope argument leads to SQL injection...
my-springsecurity-plus SQL Injection Vulnerability
my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an unknown function in the file /api/dept/buil...
U.S. Dept Of Defense: Cross Site Scripting
The researchers discovered a cross-site scripting XSS vulnerability on the www.███.██████████ website. The vulnerability was found to only work in the Firefox browser. The affected product and version were not specified. No CVE numbers were provided. The vulnerability allowed for the execution of...
J2EEFAST 安全漏洞
J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2EEFAST v2.7.0 version exists SQL injection vulnerability , the vulnerability stems from the getDeptList function in the...
U.S. Dept Of Defense: reflected xss [CVE-2020-3580]
The application was vulnerable to cross-site scripting XSS due to insufficient input validation. This allowed an attacker to inject malicious scripts that could be executed in the victim's browser...
U.S. Dept Of Defense: Missing Access Control Allows for User Creation and Privilege Escalation
The RSI Test Environment application had a vulnerability that allowed unauthenticated users to create new user accounts and grant them administrator privileges. This provided unauthorized access to restricted information and documents within the application...
U.S. Dept Of Defense: CVE-2021-39226 Discovered on endpoint https://██████/api/snapshots
CVE-2021-39226 was discovered in Grafana, where authenticated and unauthenticated users were able to view and delete snapshots by accessing specific endpoints. The vulnerability allowed for unauthorized access and deletion of snapshot data...
U.S. Dept Of Defense: DBMS information getting exposed publicly on -- [ ██████████ ]
A public file was found that exposed sensitive data from the website's database, including hashed user information and other configuration details. The file contained SQL statements that could be used to access the database, potentially revealing confidential data...
U.S. Dept Of Defense: Xss - ███
The parameter 'goal1Costs' was vulnerable to cross-site scripting XSS attack. The vulnerability allowed the attacker to inject malicious JavaScript code into the application, which could be executed by the users viewing the report...
U.S. Dept Of Defense: Xss Parameter: /<s>/[*]/<s>.css ████████
The request included a cross-site scripting XSS vulnerability in the parameter /\u003cs\u003e//\u003cs\u003e.css. The vulnerability was triggered by including malicious code in the request, which could have been executed when the request was processed...