24 matches found
TOTVS Fluig Platform - Cross-Site Scripting
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input...
Exploit for Cross-site Scripting in Totvs Fluig
FLUIG-Vulnerabilidade-CVE-2023-6275 Nov 24, 2023 — A vulnerabi...
CVE-2023-6275
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input "...
CVE-2020-29134
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...
CVE-2023-6275
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input...
CVE-2023-6275
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input...
Cross site scripting
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input...
CVE-2023-6275 TOTVS Fluig Platform mobileredir openApp.jsp cross site scripting
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input...
CVE-2023-6275 TOTVS Fluig Platform mobileredir openApp.jsp cross site scripting
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input...
CVE-2023-6275
TOTVS Fluig Platform (versions 1.6.x–1.8.1) is affected by a Cross-Site Scripting in the mobileredir/openApp.jsp component. The vulnerability arises from manipulating the redirectUrl/user parameters, e.g. redirectUrl/user with payloads like >, enabling reflected XSS. The issue may be exploited...
TOTVS Fluig Cross-Site Scripting Vulnerability
TOTVS Fluig is an application from TOTVS Portugal. It is used to automate ERP tasks. A cross-site scripting vulnerability exists in TOTVS Fluig Platform, which stems from the parameter redirectUrl/user in the file /mobileredir/openApp.jsp can lead to a cross-site scripting vulnerability...
PT-2023-32588 · Totvs · Totvs Fluig Platform
Name of the Vulnerable Software and Affected Versions: TOTVS Fluig Platform versions 1.6.x through 1.8.1 Description: A problematic issue was found in the TOTVS Fluig Platform, affecting some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation...
TOTVS Fluig Platform Directory Traversal (CVE-2020-29134)
A directory traversal vulnerability exists in TOTVS Fluig Platform. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
CVE-2020-29134
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...
CVE-2020-29134
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...
Path traversal
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...
CVE-2020-29134
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...
CVE-2020-29134
CVE-2020-29134 (Totvs Fluig platform) affects Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4, via a base64-encoded directory traversal in the parameter file. Root cause: path traversal enabling access to filesystem and sensitive files. Impact (as described): reading of sensitive XML files that may...
Fluig 1.7.0 - Path Traversal
Exploit Title: Fluig 1.7.0 - Path Traversal Date: 26/11/2020 Exploit Author: Lucas Souza Vendor Homepage: https://www.totvs.com/fluig/ Version: payload.txt curl -s https://raw.githubusercontent.com/lucxssouza/banners/main/xFluig/banner banner -- FUNCTIONS -- function create-payload wordlist.txt...
Fluig 1.7.0 Path Traversal
Exploit Title: Fluig 1.7.0 - Path Traversal Date: 26/11/2020 Exploit Author: Lucas Souza Vendor Homepage: https://www.totvs.com/fluig/ Version: payload.txt curl -s https://raw.githubusercontent.com/lucxssouza/banners/main/xFluig/banner banner -- FUNCTIONS -- function create-payload wordlist.txt...