32 matches found
CVE-2021-27556
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...
EUVD-2021-14308
Malware in sbrugna...
EUVD-2021-14309
Malware in sbrugna...
EUVD-2020-20651
Malware in sbrugna...
CVE-2021-27557
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job...
CVE-2021-27558
A cross-site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
Cross-site Scripting (XSS)
EasyCorp is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the 'item' argument in the Autocomplete function within the file assets/js/autocomplete.js of the Autocomplete component, leading to cross-site scripting (XSS) attacks...
CVE-2024-3081
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...
CVE-2024-3081
CVE-2024-3081 affects EasyCorp EasyAdmin up to 4.8.9. The XSS flaw is in the Autocomplete function (assets/js/autocomplete.js) where manipulating the item argument enables cross-site scripting. The issue is exploitable remotely. Upgrading to EasyAdmin 4.8.10 fixes the vulnerability (patch identif...
CVE-2024-3081 EasyCorp EasyAdmin Autocomplete autocomplete.js cross site scripting
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...
easycorp.com.hk Cross Site Scripting vulnerability OBB-3881092
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-27556
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...
CVE-2021-27558
A cross-site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
CVE-2021-27557
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job...
CVE-2021-27558
A cross-site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
Code injection
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...
Cross site scripting
A cross-site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
CVE-2021-27558
ZenTao (EasyCorp) 12.5.3 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to run arbitrary web scripts via multiple areas, including data-link-creator. The root cause is not explicitly detailed in the provided documents beyond the XSS vector; affected compone...