Lucene search
K

51 matches found

Cvelist
Cvelist
added 2023/06/05 12:0 a.m.15 views

CVE-2023-33409

Minical 1.0.0 is vulnerable to Cross Site Request Forgery CSRF via minical/public/application/controllers/settings/company.php...

6.8AI score0.00394EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.5 views

miniCal 跨站请求伪造漏洞

miniCal is miniCal open source an open source PMS. miniCal version 1.0.0 cross-site request forgery vulnerability , attackers can use the GIA vulnerability to forge malicious requests to lure the victim to click to perform sensitive operations...

6.5CVSS6.8AI score0.00394EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/05 12:0 a.m.8 views

CVE-2023-33409

Minical 1.0.0 is vulnerable to Cross Site Request Forgery CSRF via minical/public/application/controllers/settings/company.php...

7.3AI score0.00394EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.4 views

miniCal 跨站脚本漏洞

miniCal is miniCal open source an open source PMS. miniCal version 1.0.0 cross-site scripting vulnerability can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload...

5.4CVSS6.2AI score0.00548EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2023/06/05 12:0 a.m.6 views

PT-2023-24336 · Minical · Minical

Name of the Vulnerable Software and Affected Versions: Minical versions 1.0.0 and earlier Description: The issue is related to a CSV injection vulnerability that allows an attacker to execute remote code. This is due to insufficient input validation on the Customer Name field in the Accounting...

8.8CVSS7.7AI score0.01163EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.5 views

miniCal 安全漏洞

miniCal is miniCal open source an open source PMS. miniCal 1.0.0 and earlier versions exist CSV injection vulnerability , the vulnerability stems from improperly neutralized formula elements in CSV files , an attacker can exploit the vulnerability to remotely execute code...

8.8CVSS7.6AI score0.01163EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/06/05 12:0 a.m.5 views

PT-2023-24335 · Minical · Minical

Name of the Vulnerable Software and Affected Versions: Minical version 1.0.0 Description: The issue is related to Cross Site Request Forgery CSRF via the minical/public/application/controllers/settings/company.php file. This means an attacker could potentially trick a user into performing...

6.5CVSS6.9AI score0.00394EPSS
Exploits1References8
CVE
CVE
added 2023/06/05 12:0 a.m.142 views

CVE-2023-33410

CVE-2023-33410 affects Minical 1.0.0 and earlier. The vulnerability stems from insufficient input validation in the Customer Name field of the Accounting module used to construct CSV files, enabling a CSV injection that, per sources, can allow an attacker to execute remote code. Affected versions...

8.8CVSS8.7AI score0.01163EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/06/05 12:0 a.m.45 views

CVE-2023-33408

CVE-2023-33408 affects Minical 1.0.0 with a Cross-Site Scripting (XSS) vulnerability caused by insufficient input validation in security_helper.php. The connected sources (NVD, Red Hat, CNVD/CNNVD, OSV, CVE listing, and others) consistently describe XSS impact; a GitHub exploit entry provides a s...

5.4CVSS5.2AI score0.00548EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2023/06/05 12:0 a.m.45 views

CVE-2023-33409

Minical 1.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in the file minical/public/application/controllers/settings/company.php. The issue is described across multiple sources as a CSRF path that could allow an attacker to induce the victim to perform unintended actions wit...

6.5CVSS6.5AI score0.00394EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2023/06/02 5:30 a.m.7 views

Exploit for Cross-site Scripting in Minical

CVE-2023-33408 Minical 1.0.0 is vulnerable to Stored Cross-Si...

5.4CVSS5.5AI score0.00548EPSS
Exploits2
Rows per page
Query Builder