Lucene search
K

136 matches found

Cvelist
Cvelist
added 2024/06/26 3:9 p.m.20 views

CVE-2024-4604 Open Redirect in Magarsus Consultancy's SSO

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Magarsus Consultancy SSO Single Sign On allows Manipulating Hidden Fields. This issue affects SSO Single Sign On: from 1.0 before 1.1...

6.1CVSS0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/26 3:9 p.m.16 views

CVE-2024-4604 Open Redirect in Magarsus Consultancy's SSO

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Magarsus Consultancy SSO Single Sign On allows Manipulating Hidden Fields. This issue affects SSO Single Sign On: from 1.0 before 1.1...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/26 12:0 a.m.6 views

Magarsus Consultancy SSO Input Validation Error Vulnerability

Magarsus Consultancy SSO is a single sign-on application from Magarsus Consultancy. An input validation error vulnerability exists in Magarsus Consultancy SSO Single Sign On versions 1.0 through 1.1, which originates when a URL redirects to an untrusted site, allowing manipulation of hidden field...

6.1CVSS6.7AI score0.00242EPSS
Exploits0References2
OSV
OSV
added 2024/06/03 10:15 p.m.2 views

CVE-2023-24373

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...

9.8CVSS5.8AI score0.00354EPSS
Exploits0References1
NVD
NVD
added 2024/06/03 10:15 p.m.23 views

CVE-2023-24373

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...

9.8CVSS4.3AI score0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/03 9:35 p.m.30 views

CVE-2023-24373 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...

3.7CVSS4.3AI score0.00354EPSS
Exploits0References1
NVD
NVD
added 2024/05/17 9:15 a.m.21 views

CVE-2024-30527

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout Accept PayPal Payments allows Manipulating Hidden Fields.This issue affects WP Express Checkout Accept PayPal Payments: from n/a through 2.3.7...

7.5CVSS7.6AI score0.00521EPSS
Exploits0References1
NVD
NVD
added 2024/05/17 9:15 a.m.20 views

CVE-2024-24715

Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through 2.4.0...

6.5CVSS6.5AI score0.00482EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.4 views

PT-2024-23455 · WordPress · Wp Express Checkout

Name of the Vulnerable Software and Affected Versions: WP Express Checkout Accept PayPal Payments versions through 2.3.7 Description: The issue is related to improper validation of specified quantity in input, allowing manipulation of hidden fields. This can be exploited to manipulate the checkou...

7.5CVSS9.3AI score0.00521EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.4 views

PT-2024-20511 · Unknown · The Events Calendar Bookit

Name of the Vulnerable Software and Affected Versions: The Events Calendar BookIt versions 2.4.0 and earlier Description: The issue is related to improper validation of specified quantity in input, allowing manipulation of hidden fields. This can be exploited to potentially alter or access...

6.5CVSS9.3AI score0.00482EPSS
Exploits0References4
NVD
NVD
added 2023/08/16 10:15 p.m.27 views

CVE-2023-20111

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...

6.5CVSS6.3AI score0.00555EPSS
Exploits0References1
OSV
OSV
added 2023/08/16 10:15 p.m.3 views

CVE-2023-20111

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...

6.5CVSS5.8AI score0.00555EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.6 views

PT-2023-4507 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive...

6.8CVSS6.2AI score0.00555EPSS
Exploits0References9
Prion
Prion
added 2023/04/26 9:15 p.m.13 views

Design/Logic Flaw

Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a...

4CVSS6.4AI score0.0063EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/26 8:32 p.m.37 views

CVE-2023-30843 Payload's hidden fields can be leaked on readable collections

Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a...

7.4CVSS7.6AI score0.0063EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/26 8:32 p.m.21 views

CVE-2023-30843 Payload's hidden fields can be leaked on readable collections

Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a...

7.4CVSS7.4AI score0.0063EPSS
Exploits0References2
OSV
OSV
added 2023/04/26 8:32 p.m.24 views

CVE-2023-30843 Payload's hidden fields can be leaked on readable collections

Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a...

7.4CVSS6.6AI score0.0063EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/04/26 7:45 p.m.23 views

Hidden fields can be leaked on readable collections in Payload

Details If a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Affected versions: 1.7.0 Workarounds If you are unable to update, you can write a beforeOperation hook to remove where queries...

7.4CVSS5.9AI score0.0063EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/04/26 7:45 p.m.42 views

GHSA-35JJ-VQCF-F2JF Hidden fields can be leaked on readable collections in Payload

Details If a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Affected versions: 1.7.0 Workarounds If you are unable to update, you can write a beforeOperation hook to remove where queries...

7.4CVSS6.7AI score0.0063EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.4 views

Payload 信息泄露漏洞

Payload is a Headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. An information disclosure vulnerability exists in Payload versions prior to 1.7.0, which stems from allowing a user to reverse-engineer hidden fields in a readable collection via brute force...

7.4CVSS6.7AI score0.0063EPSS
Exploits0References3
Rows per page
Query Builder