32 matches found
CVE-2021-27556
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...
EUVD-2021-14309
Malware in sbrugna...
EUVD-2021-14308
Malware in sbrugna...
EUVD-2020-20651
Malware in sbrugna...
CVE-2021-27557
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job...
CVE-2021-27558
A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
Cross-site Scripting (XSS)
EasyCorp is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the 'item' argument in the Autocomplete function within the file assets/js/autocomplete.js of the Autocomplete component, leading to cross-site scripting (XSS) attacks...
CVE-2024-3081
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...
CVE-2024-3081
CVE-2024-3081 affects EasyCorp EasyAdmin up to 4.8.9. The XSS flaw is in the Autocomplete function (assets/js/autocomplete.js) where manipulating the item argument enables cross-site scripting. The issue is exploitable remotely. Upgrading to EasyAdmin 4.8.10 fixes the vulnerability (patch identif...
CVE-2024-3081 EasyCorp EasyAdmin Autocomplete autocomplete.js cross site scripting
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...
easycorp.com.hk Cross Site Scripting vulnerability OBB-3881092
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-27556
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...
CVE-2021-27558
A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
CVE-2021-27557
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job...
CVE-2021-27558
A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
Cross site scripting
A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
Code injection
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...
CVE-2021-27558
ZenTao (EasyCorp) 12.5.3 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to run arbitrary web scripts via multiple areas, including data-link-creator. The root cause is not explicitly detailed in the provided documents beyond the XSS vector; affected compone...