10 matches found
CVE-2025-1271
Reflected Cross-Site Scripting XSS in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...
CVE-2025-1270
Insecure direct object reference IDOR vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/hadatoshermano.php” endpoint to refer to another user. In addition, the...
CVE-2025-1270
Insecure direct object reference IDOR vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/hadatoshermano.php” endpoint to refer to another user. In addition, the...
CVE-2025-1271 Reflected Cross-Site Scripting (XSS) vulnerability in H6Web
Reflected Cross-Site Scripting XSS in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...
CVE-2025-1271 Reflected Cross-Site Scripting (XSS) vulnerability in H6Web
Reflected Cross-Site Scripting XSS in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...
CVE-2025-1270
CVE-2025-1270 describes an IDOR vulnerability in Anapi Group’s h6web. An authenticated attacker can access other users’ information by sending a POST to /h6web/ha_datos_hermano.php and altering the pkrelated parameter to reference a different user, with the first request potentially enabling impe...
CVE-2025-1270 Insecure direct object reference (IDOR) vulnerability in H6Web
Insecure direct object reference IDOR vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/hadatoshermano.php” endpoint to refer to another user. In addition, the...
CVE-2025-1270 Insecure direct object reference (IDOR) vulnerability in H6Web
Insecure direct object reference IDOR vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/hadatoshermano.php” endpoint to refer to another user. In addition, the...
Anapi h6web 安全漏洞
Anapi h6web is a management software from Anapi. A security vulnerability exists in Anapi h6web that stems from the presence of an insecure direct object reference vulnerability that could lead to an attacker obtaining information about other users...
PT-2025-6872
Name of the Vulnerable Software and Affected Versions: h6web versions affected versions not specified Description: The issue is a Reflected Cross-Site Scripting XSS flaw that could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code i...