136 matches found
CVE-2024-4604 Open Redirect in Magarsus Consultancy's SSO
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Magarsus Consultancy SSO Single Sign On allows Manipulating Hidden Fields. This issue affects SSO Single Sign On: from 1.0 before 1.1...
CVE-2024-4604 Open Redirect in Magarsus Consultancy's SSO
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Magarsus Consultancy SSO Single Sign On allows Manipulating Hidden Fields. This issue affects SSO Single Sign On: from 1.0 before 1.1...
Magarsus Consultancy SSO Input Validation Error Vulnerability
Magarsus Consultancy SSO is a single sign-on application from Magarsus Consultancy. An input validation error vulnerability exists in Magarsus Consultancy SSO Single Sign On versions 1.0 through 1.1, which originates when a URL redirects to an untrusted site, allowing manipulation of hidden field...
CVE-2023-24373
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...
CVE-2023-24373
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...
CVE-2023-24373 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...
CVE-2024-30527
Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout Accept PayPal Payments allows Manipulating Hidden Fields.This issue affects WP Express Checkout Accept PayPal Payments: from n/a through 2.3.7...
CVE-2024-24715
Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through 2.4.0...
PT-2024-23455 · WordPress · Wp Express Checkout
Name of the Vulnerable Software and Affected Versions: WP Express Checkout Accept PayPal Payments versions through 2.3.7 Description: The issue is related to improper validation of specified quantity in input, allowing manipulation of hidden fields. This can be exploited to manipulate the checkou...
PT-2024-20511 · Unknown · The Events Calendar Bookit
Name of the Vulnerable Software and Affected Versions: The Events Calendar BookIt versions 2.4.0 and earlier Description: The issue is related to improper validation of specified quantity in input, allowing manipulation of hidden fields. This can be exploited to potentially alter or access...
CVE-2023-20111
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...
CVE-2023-20111
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...
PT-2023-4507 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive...
Design/Logic Flaw
Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a...
CVE-2023-30843 Payload's hidden fields can be leaked on readable collections
Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a...
CVE-2023-30843 Payload's hidden fields can be leaked on readable collections
Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a...
CVE-2023-30843 Payload's hidden fields can be leaked on readable collections
Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a...
Hidden fields can be leaked on readable collections in Payload
Details If a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Affected versions: 1.7.0 Workarounds If you are unable to update, you can write a beforeOperation hook to remove where queries...
GHSA-35JJ-VQCF-F2JF Hidden fields can be leaked on readable collections in Payload
Details If a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Affected versions: 1.7.0 Workarounds If you are unable to update, you can write a beforeOperation hook to remove where queries...
Payload 信息泄露漏洞
Payload is a Headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. An information disclosure vulnerability exists in Payload versions prior to 1.7.0, which stems from allowing a user to reverse-engineer hidden fields in a readable collection via brute force...