
71 matches found

OSV
added 2023/05/09 2:11 p.m., 26 views

CVE-2023-31138 DHIS2 Core vulnerable to Improper Access Control with PATCH requests

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...

CVSS 7.1 | AI score 6.4 | EPSS 0.00609
Exploits 0 | References 6
CNNVD
added 2023/05/09 12:00 a.m., 9 views

DHIS 2 security vulnerability

DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A security vulnerability exists in DHIS 2 versions prior to 2.37.9.1, prior to 2.38.3.1, and prior to 2.39.1.2, which stems from the use of object model traversal ...

CVSS 7.1 | AI score 6.4 | EPSS 0.00609
Exploits 0 | References 6
Vulnrichment
added 2023/04/05 12:00 a.m., 4 views

CVE-2023-0842 xml2js 0.4.23 - Prototype Pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited...

AI score 6.3 | EPSS 0.01404
Exploits 1 | References 4
CNNVD
added 2023/01/30 12:00 a.m., 3 views

convict security vulnerability

convict is a featured configuration management library for Node.js. A security vulnerability exists in convict, which stems from improperly controlled modifications to object prototype attributes...

CVSS 8.4 | AI score 5.5 | EPSS 0.00275
Exploits 1 | References 2
Amazon
added 2023/01/20 12:00 a.m., 83 views

Medium: pcs

Issue Overview: A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data...

CVSS 6.1 | AI score 6.6 | EPSS 0.87218
Exploits 4
Cvelist
added 2023/01/07 7:28 p.m., 19 views

CVE-2021-4307 Yomguithereal Baobab prototype pollution

A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack can be launche...

CVSS 6.5 | AI score 9.8 | EPSS 0.0126
Exploits 1 | References 5
Github Security Blog
added 2022/12/25 6:30 p.m., 27 views

tree-kit vulnerable to Prototype Pollution

A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. Upgrading to version 0.7.0 is able to address this issue. The...

CVSS 7.8 | AI score 4.9 | EPSS 0.00427
Exploits 0 | References 6 | Affected Software 1
Veracode
added 2022/09/16 8:32 a.m., 24 views

Prototype Pollution

steal is vulnerable to prototype pollution. The optionName variable in main.js is not validated, allowing an attacker to modify object by accessing it through the '__proto__' property of object...

CVSS 9.8 | AI score 8.8 | EPSS 0.01195
Exploits 0 | References 4 | Affected Software 1
ATTACKERKB
added 2021/11/30 12:15 p.m., 3 views

CVE-2021-42122

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 on an object's attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format, which makes the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00748
Exploits 0 | References 2
OSV
added 2021/11/30 12:15 p.m., 4 views

CVE-2021-42120

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually leading to exhaustion...

CVSS 6.5 | AI score 5.8 | EPSS 0.01065
Exploits 0 | References 1
OSV
added 2021/11/30 12:15 p.m., 2 views

CVE-2021-42118

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object...

CVSS 5.4 | AI score 6 | EPSS 0.00659
Exploits 0 | References 1
OSV
added 2021/11/30 12:15 p.m., 3 views

CVE-2021-42117

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution...

CVSS 5.4 | AI score 6.3 | EPSS 0.00705
Exploits 0 | References 1
OSV
added 2021/11/30 12:15 p.m., 5 views

CVE-2021-42119

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then...

CVSS 5.4 | AI score 5.9 | EPSS 0.00513
Exploits 0 | References 1
NVD
added 2021/11/30 12:15 p.m., 12 views

CVE-2021-42121

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 on an object's date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads t...

CVSS 4.3 | EPSS 0.00999
Exploits 0 | References 1
NVD
added 2021/11/30 12:15 p.m., 16 views

CVE-2021-42117

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution...

CVSS 5.4 | EPSS 0.00705
Exploits 0 | References 1
NVD
added 2021/11/30 12:15 p.m., 12 views

CVE-2021-42118

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object...

CVSS 8.1 | EPSS 0.00659
Exploits 0 | References 1
OSV
added 2021/11/30 12:15 p.m., 5 views

CVE-2021-42121

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 on an object's date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads t...

CVSS 4.3 | AI score 5.8 | EPSS 0.00999
Exploits 0 | References 1
Prion
added 2021/11/30 12:15 p.m., 13 views

Input validation

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 on an object's date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which...

CVSS 4 | AI score 4.6 | EPSS 0.00999
Exploits 0 | References 1 | Affected Software 1
Prion
added 2021/11/30 12:15 p.m., 16 views

Cross site scripting

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is...

CVSS 3.5 | AI score 5.3 | EPSS 0.00513
Exploits 0 | References 1 | Affected Software 1
Prion
added 2021/11/30 12:15 p.m., 11 views

Cross site scripting

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version = 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object...

CVSS 3.5 | AI score 5.4 | EPSS 0.00659
Exploits 0 | References 1 | Affected Software 1