11 matches found
CVE-2020-36902
UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ftgrp' parameter. Attackers can send a GET request to /html/user with 'ftgrp' set to integer value '3' to gain super admin rights without...
CVE-2020-36902
CVE-2020-36902 affects UBICOD Medivision Digital Signage 1.5.1. Affected component: authorization logic accessible via the /html/user endpoint. Root cause: manipulation of the ft[grp] parameter allows normal users to escalate privileges to super admin without authentication. Impact: unauthorized ...
PT-2025-50523
Name of the Vulnerable Software and Affected Versions: UBICOD Medivision Digital Signage version 1.5.1. Description: A flaw exists in UBICOD Medivision Digital Signage that allows normal users to gain elevated privileges. This is achieved by manipulating the ftgrp parameter. Specifically, sending a...
EUVD-2021-2027
Malware in sbrugna...
CVE-2005-2689
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allow remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) the htmltext parameter to html/user.php...
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Summary: Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...
CVE-2024-20941
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful...
GravCMS Remote Command Execution
This module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify...
CVE-2021-21425 Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Particular method execution will result in...
CVE-2007-2993
Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA aka Omegasoft INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields...