Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/23 9:40 p.m.3 views

CVE-2026-32300

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41...

8.1CVSS5.9AI score0.00305EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/23 8:39 p.m.3 views

GHSA-QR6X-WVXR-8HM9 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

Security Advisory — My Page Profile Update Improper Authorization Summary An improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

8.1CVSS5.9AI score0.00305EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.9 views

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

9.8CVSS7AI score0.0168EPSS
Exploits1References1
Prion
Prion
added 2008/04/25 6:5 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the profile update feature in Akiva WebBoard 8.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the form field. NOTE: the provenance of this information is unknown; the details are obtained solely from...

3.5CVSS5.5AI score0.00833EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder