5 matches found
PT-2026-39876
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description An authorization bypass exists in the private issue monitoring feature. A user with project-level access can send a crafted POST request to the 'bug monitor add.php' endpoint to...
DEBIAN-CVE-2016-10203
Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor...
UBUNTU-CVE-2016-10203
Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor...
CVE-2016-10203
Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor...
New Relic: rpm.newrelic.com - monitor creation to other accounts
It is possible to create monitors for other users by changing the user id in the body of the post request when creating a new monitor. Even though my tests were unsuccessful in a XSS on the monitor information, it may be an attack vector to other vulnerabilities since the monitor information show...