Lucene search
K

8 matches found

OSV
OSV
added 2021/11/15 5:36 p.m.20 views

GHSA-43G8-79X3-J898 Unrestricted access to predictable file paths in hov/jobfair

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

7.5CVSS7.4AI score0.00997EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/11/15 5:36 p.m.26 views

Unrestricted access to predictable file paths in hov/jobfair

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

7.5CVSS3.8AI score0.00997EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2021/11/10 4:15 p.m.22 views

CVE-2021-43564

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

7.5CVSS0.00997EPSS
Exploits0References1
Prion
Prion
added 2021/11/10 4:15 p.m.17 views

Design/Logic Flaw

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

5CVSS7.4AI score0.00997EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/11/10 3:4 p.m.65 views

CVE-2021-43564

The CVE-2021-43564 entry concerns the TYPO3 extension Job Fair (hov/jobfair). The vulnerability arises because the extension does not protect or obfuscate uploaded filenames, enabling an unauthenticated user to access sensitive data by guessing the filename (e.g., uploads/tx_jobfair/cv.pdf). Affe...

7.5CVSS7.4AI score0.00997EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/10 3:4 p.m.21 views

CVE-2021-43564

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

7.7AI score0.00997EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2018/05/10 5:55 p.m.12 views

jobfair.gov.bn XSS vulnerability

Open Bug Bounty ID: OBB-615080 Description| Value ---|--- Affected Website:| jobfair.gov.bn Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/02/07 10:29 a.m.10 views

jobfair.gov.bn XSS vulnerability

Open Bug Bounty ID: OBB-554428 Description| Value ---|--- Affected Website:| jobfair.gov.bn Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.2AI score
Exploits0
Rows per page
Query Builder