71 matches found
CVE-2023-31138 DHIS2 Core vulnerable to Improper Access Control with PATCH requests
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an obje...
DHIS 2 安全漏洞
DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A security vulnerability exists in DHIS 2 versions prior to 2.37.9.1, prior to 2.38.3.1, and prior to 2.39.1.2, which stems from the use of object model traversal ...
CVE-2023-0842 xml2js 0.4.23 - Prototype Pollution
xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...
convict 安全漏洞
convict is a featured configuration management library for Node.js. A security vulnerability exists in convict, which stems from improperly controlled modifications to object prototype attributes...
Medium: pcs
Issue Overview: A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data...
CVE-2021-4307 Yomguithereal Baobab prototype pollution
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack can be launche...
tree-kit vulnerable to Prototype Pollution
A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. Upgrading to version 0.7.0 is able to address this issue. The...
Prototype Pollution
steal is vulnerable to prototype pollution. The optionName variable in main.js is not validated, allowing an attacker to modify object by accessing it through the ‘proto’ property of object...
CVE-2021-42122
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on an object’s attributes with numeric format allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format, which makes the...
CVE-2021-42120
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually leading to exhaustion...
CVE-2021-42118
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object...
CVE-2021-42117
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution...
CVE-2021-42119
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then...
CVE-2021-42121
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on an object’s date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads t...
CVE-2021-42117
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution...
CVE-2021-42118
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object...
CVE-2021-42121
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on an object’s date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads t...
Input validation
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on an object’s date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which...
Cross site scripting
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is...
Cross site scripting
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object...