13 matches found
Improper Authentication
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...
CVE-2021-43116
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...
Improper access control
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...
CVE-2021-43116
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...
Improper Authentication
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...
CVE-2021-43116
CVE-2021-43116 affects Nacos 2.0.3 via an Access Control vulnerability in the login flow. According to the connected exploit material, an attacker can login by capturing authentication traffic and modifying the returned package after submitting credentials on the access prompt page, effectively b...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...
CVE-2021-44667
A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...
CVE-2021-44667
A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...
Cross site scripting
A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...
CVE-2021-44667
CVE-2021-44667 is a Cross Site Scripting (XSS) vulnerability in Nacos 2.0.3 affecting the auth/users endpoint via the pageSize and pageNo parameters. The issue arises from insufficient input validation/filtering of user-supplied data, enabling attacker-controlled scripts to be executed in the vic...
CVE-2021-44667
A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A Cross Site Scripting XSS vulnerability exists in Nacos 2.0.3 in auth/users via the 1 pageSize and 2 pageNo parameters...