Lucene search
K

13 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2022/07/06 12:0 a.m.49 views

Improper Authentication

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...

8.8CVSS3.2AI score0.07229EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2022/07/05 2:15 p.m.18 views

CVE-2021-43116

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...

8.8CVSS8.6AI score
Exploits0References3
Prion
Prion
added 2022/07/05 2:15 p.m.14 views

Improper access control

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...

6.5CVSS8.5AI score0.07229EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2022/07/05 12:0 a.m.30 views

CVE-2021-43116

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...

8.8AI score0.07229EPSS
Exploits4References3
GitLab Advisory Database
GitLab Advisory Database
added 2022/07/05 12:0 a.m.44 views

Improper Authentication

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...

8.8CVSS3.2AI score0.07229EPSS
Exploits4References3Affected Software1
CVE
CVE
added 2022/07/05 12:0 a.m.127 views

CVE-2021-43116

CVE-2021-43116 affects Nacos 2.0.3 via an Access Control vulnerability in the login flow. According to the connected exploit material, an attacker can login by capturing authentication traffic and modifying the returned package after submitting credentials on the access prompt page, effectively b...

8.8CVSS8.4AI score0.07229EPSS
Exploits4References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/12 12:0 a.m.27 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...

6.1CVSS3.2AI score0.00818EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2022/03/11 7:15 p.m.21 views

CVE-2021-44667

A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...

6.1CVSS0.00818EPSS
Exploits1References1
OSV
OSV
added 2022/03/11 7:15 p.m.16 views

CVE-2021-44667

A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...

6.1CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2022/03/11 7:15 p.m.13 views

Cross site scripting

A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...

4.3CVSS5.9AI score0.00818EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/03/11 6:39 p.m.119 views

CVE-2021-44667

CVE-2021-44667 is a Cross Site Scripting (XSS) vulnerability in Nacos 2.0.3 affecting the auth/users endpoint via the pageSize and pageNo parameters. The issue arises from insufficient input validation/filtering of user-supplied data, enabling attacker-controlled scripts to be executed in the vic...

6.1CVSS5.8AI score0.00818EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/03/11 6:39 p.m.32 views

CVE-2021-44667

A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...

6.1AI score0.00818EPSS
Exploits1References1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/11 12:0 a.m.31 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...

6.1CVSS3.2AI score0.00818EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder