22 matches found
CVE-2023-45391
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
EUVD-2023-49683
Malicious code in bioql PyPI...
EUVD-2023-49685
Malicious code in bioql PyPI...
CVE-2023-45393
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45393
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45391
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
CVE-2023-45391
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
CVE-2023-45393
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45393
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45391
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
Information disclosure
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
CVE-2023-45393
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
GRANDING UTime Master Cross-Site Scripting Vulnerability
GRANDING UTime Master is a powerful web-based time and attendance management software from GRANDING. A vulnerability in GRANDING UTime Master v9.0.7-Build: Apr 4,2023 could allow an authenticated attacker to execute arbitrary web script or...
CVE-2023-45393
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie...
CVE-2023-45391
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
CVE-2023-45393
GRANDING UTime Master 9.0.7-Build: Apr 4, 2023 is affected by an indirect object reference (IDOR) vulnerability that allows authenticated attackers to access sensitive information via a crafted cookie. Root cause is IDOR in cookie handling; impact is information disclosure with CVSS 3.1 base scor...
GRANDING UTime Master Security Vulnerability
GRANDING UTime Master is a powerful web-based time and attendance management software from GRANDING. A vulnerability in GRANDING UTime Master v9.0.7-Build: Apr 4,2023 allows an authenticated attacker to access sensitive information via a crafte...
CVE-2023-45391
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...
CVE-2023-45391
CVE-2023-45391 describes a stored XSS in the Granding UTime Master product. According to Red Hat and other sources, the vulnerability arises in the Create A New Employee function for Granding UTime Master v9.0.7-Build: Apr 4, 2023, where an attacker with authenticated access can inject arbitrary ...