13 matches found
CVE-2023-38988
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-38991
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator...
Information disclosure
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator...
CVE-2023-38991
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator...
Information disclosure
An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator...
CVE-2023-38990
CVE-2023-38990 affects Jeesite v1.2.6, where an issue in the MenuController.delete function allows an authenticated attacker to arbitrarily delete menus created by the Administrator. The vulnerability stems from improper authorization/validation in the delete path, leading to unauthorized state c...
Information disclosure
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-38989
Jeesite v1.2.6 has a vulnerability in the delete function of the UserController that allows authenticated attackers to arbitrarily delete the Administrator’s role information. Multiple sources (NVD, RH, OSV, CVE lists, and PTSecurity) confirm the affected software/version and the underlying issue...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
Information disclosure
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators...
CVE-2023-38988
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators...