143 matches found
CVE-2024-47826 eLabFTW vulnerable to HTML Injection in extended search error message
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" show mode, "database.php" show mode or "search.php". It works by providing HTML code in the extended...
eLabFTW code injection vulnerability
eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A code injection vulnerability exists in eLabFTW versions prior to 5.1.5. An attacker can exploit this vulnerability to execute arbitrary...
PT-2024-32837 · Elabftw · Elabftw
Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.5 Description: A vulnerability in eLabFTW allows an attacker to inject arbitrary HTML tags in the pages "experiments.php" show mode, "database.php" show mode, or "search.php". This is achieved by providing HTML...
CVE-2024-45408
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyon...
CVE-2024-25632
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...
CVE-2024-45408 eLabFTW contains a direct and indirect information disclosure
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyon...
CVE-2024-45408 eLabFTW contains a direct and indirect information disclosure
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyon...
CVE-2024-45408
CVE-2024-45408 — eLabFTW: An incorrect permission check could allow an authenticated user to access restricted information; if anonymous access is enabled, it may affect anyone. Affected software: eLabFTW (open source electronic lab notebook). Root cause: faulty access control logic. Impact: pot...
CVE-2024-45408 eLabFTW contains a direct and indirect information disclosure
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyon...
CVE-2024-25632 Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...
CVE-2024-25632
CVE-2024-25632 affects eLabFTW. A regular user can become an administrator of a team where they are a member under a reasonable configuration, and in versions after v5.0.0 an initially unauthenticated user may gain administrative privileges over an arbitrary team. The vulnerability does not grant...
CVE-2024-25632 Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...
eLabFTW security vulnerability
eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A security vulnerability exists in eLabFTW that stems from allowing initially unauthenticated users to gain administrative access to...
eLabFTW access control error vulnerability
eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux systems and supports storing a wide range of objects. An access control error vulnerability exists in eLabFTW that stems from the presence of incorrect privilege checking that allows ...
CVE-2024-28100
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...
CVE-2024-28100 Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...
CVE-2024-28100
CVE-2024-28100 affects eLabFTW prior to 5.0.0. It describes a stored cross-site scripting (XSS) issue triggered when visiting a list of experiments after uploading specially crafted files, allowing a visitor’s browser to run arbitrary JavaScript in the eLabFTW context. Consequences include acting...
CVE-2024-28100 Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...
eLabFTW security vulnerability
eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A security vulnerability exists in eLabFTW versions prior to 5.0.0. An attacker exploiting this vulnerability could run arbitrary...
PT-2024-22265 · Elabftw · Elabftw
Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.0.0 Description: The issue allows a regular user to create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application by uploading specially crafted files. Thi...