69 matches found
easyadmin-extension-bundle action case insensitivity
In alterphp/easyadmin-extension-bundle, role based access rules do not handle action name case sensitivity which may lead to unauthorized access...
easyadmin-extension-bundle action case insensitivity
In alterphp/easyadmin-extension-bundle, role based access rules do not handle action name case sensitivity which may lead to unauthorized access...
PT-2024-40038 · Unknown · Alterphp/Easyadmin-Extension-Bundle
Name of the Vulnerable Software and Affected Versions: alterphp/easyadmin-extension-bundle affected versions not specified Description: The issue concerns role-based access rules not handling action name case sensitivity, potentially leading to unauthorized access. Recommendations: At the moment,...
CVE-2024-3081
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...
CVE-2024-3081
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...
CVE-2024-3081
CVE-2024-3081 affects EasyCorp EasyAdmin up to 4.8.9. The XSS flaw is in the Autocomplete function (assets/js/autocomplete.js) where manipulating the item argument enables cross-site scripting. The issue is exploitable remotely. Upgrading to EasyAdmin 4.8.10 fixes the vulnerability (patch identif...
CVE-2024-3081 EasyCorp EasyAdmin Autocomplete autocomplete.js cross site scripting
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...
CVE-2024-3081 EasyCorp EasyAdmin Autocomplete autocomplete.js cross site scripting
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...
EasyCorp EasyAdmin 跨站脚本漏洞
Easyadmin is a simple, lightweight backend management system scaffolding by laker individual developers. A cross-site scripting vulnerability exists in EasyCorp EasyAdmin 4.8.9 and earlier versions, which stems from a cross-site scripting XSS vulnerability in Autocomplete's function Autocomplete ...
PT-2024-23624 · Easycorp · Easyadmin
Name of the Vulnerable Software and Affected Versions: EasyCorp EasyAdmin versions up to 4.8.9 Description: A vulnerability was found in the Autocomplete function of the file assets/js/autocomplete.js, which can lead to cross-site scripting. The manipulation of the item argument is the cause of...
CVE-2024-2828
A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. I...
CVE-2024-2828
A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. I...
CVE-2024-2828 lakernote EasyAdmin IndexController.java thumbnail server-side request forgery
A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. I...
CVE-2024-2828
CVE-2024-2828 affects lakernote EasyAdmin, specifically the function thumbnail in src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The issue arises from manipulation of the argument url, leading to a server-side request forgery (SSRF) . Exploitation was disclosed publicly...
CVE-2024-2828 lakernote EasyAdmin IndexController.java thumbnail server-side request forgery
A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. I...
CVE-2024-2827
A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploi...
CVE-2024-2827
A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploi...
CVE-2024-2826
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...
CVE-2024-2825
A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The...
CVE-2024-2826
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...