76 matches found
GHSA-CJFR-9F5R-3Q93 TYPO3 Cross-Site Request Forgery in Log Module
Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...
PT-2025-3144 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...
The vulnerability of the OTRS system’s administration log module allows a violator to disclose protected information.
The vulnerability of the OTRS application’s administration log module is related to the disclosure of information through registration files. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
Riverbed SteelHead VCX File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Riverbed SteelHead VCX File Read', 'Description' = %q This module exploits an authenticated arbitrary file read in the log module's filter engine...
CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...
CVE-2024-43444 Passwords are written to Admin Log Module
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...
CVE-2024-27896
Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity...
CVE-2024-27896
CVE-2024-27896 is described across multiple feeds as an input verification vulnerability in Huawei HarmonyOS/EMUI log-module. The NVD entry lists a CVSS 3.1 base score of 7.5 (HIGH) with network attack vector and no user interaction, but integrity impact is HIGH. Connected records corroborate the...
PT-2024-22117 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is described as an input verification vulnerability in the log module. Successful exploitation of this vulnerability can affect integrity. The...
Deciso OPNsense Cross-Site Scripting Vulnerability
Deciso OPNsense is a suite of FreeBSD-based open source firewall and routing software from Dutch company Deciso. A cross-site scripting vulnerability exists in OPNsense versions prior to 23.7, which stems from a reflected cross-site scripting (XSS) vulnerability in component...
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Vulnerability
Exploit Title: Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47877 Introduction ================= A...
Jedox 2020.2.5 Cross Site Scripting
Exploit Title: Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47877 Introduction...
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
Exploit Title: Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47877 Introduction...
CVE-2022-47877
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'...
Cross site scripting
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'...
Jedox Cross-Site Scripting Vulnerability
Jedox is a corporate performance management software from Jedox Inc. It is used for planning, analyzing and reporting in finance and other areas such as sales, human resources and purchasing. A security vulnerability exists in Jedox version 2020.2.5, which can be exploited by an authenticated...