
9 matches found

Snyk
added 2026/04/01 9:19 p.m., 0 views

SQL Injection

Overview: payload is a Node, React and MongoDB Headless CMS and Application Framework. Affected versions of this package are vulnerable to SQL Injection via the endpoints accepting dynamic query for Collections. An attacker can access sensitive information or modify data by submitting specially...

CVSS 8.5, AI score 6, EPSS 0.00317
Exploits 0, References 2

Snyk
added 2026/03/29 3:13 p.m., 1 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via /ui/api/query/«queryid» and /v1/query/«queryid» endpoints. An attacker can obtain sensitive credentials by accessing the serialized query JSON after performing wri...

CVSS 7.7, AI score 5.9, EPSS 0.00196
Exploits 0, References 2

Snyk
added 2026/03/29 3:13 p.m., 1 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via /ui/api/query/«queryid» and /v1/query/«queryid» endpoints. An attacker can obtain sensitive credentials by accessing the serialized query JSON after performing wri...

CVSS 7.7, AI score 5.9, EPSS 0.00196
Exploits 0, References 2

Snyk
added 2026/03/29 3:13 p.m., 2 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via /ui/api/query/«queryid» and /v1/query/«queryid» endpoints. An attacker can obtain sensitive credentials by accessing the serialized query JSON after performing wri...

CVSS 7.7, AI score 5.9, EPSS 0.00196
Exploits 0, References 2

Snyk
added 2026/03/29 3:13 p.m., 4 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via /ui/api/query/«queryid» and /v1/query/«queryid» endpoints. An attacker can obtain sensitive credentials by accessing the serialized query JSON after performing wri...

CVSS 7.7, AI score 5.9, EPSS 0.00196
Exploits 0, References 2

CNNVD
added 2025/04/29 12:0 a.m., 4 views

Zimbra Security Vulnerability

Zimbra is an open source email collaboration platform from Zimbra, Inc. Zimbra versions 9.0 through 10.1 contain a security vulnerability that stems from a lack of CSRF token validation on GraphQL endpoints, which could lead to unauthorized operations...

CVSS 8.8, AI score 8.6, EPSS 0.00268
Exploits 0, References 3

OSV
added 2024/01/13 2:15 a.m., 3 views

CVE-2023-46942

Lack of authentication in the npm package @evershop/evershop before version 1.0.0-rc.8 allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints...

CVSS 7.5, AI score 5.8, EPSS 0.00732
Exploits 0, References 3

OSV
added 2019/01/30 8:29 p.m., 1 views

CVE-2019-3911

Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary JavaScript via the onerror parameter in the /r2/query endpoints...

CVSS 6.1, AI score 6.4, EPSS 0.03813
Exploits 1, References 1

NVD
added 2019/01/30 8:29 p.m., 9 views

CVE-2019-3911

Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary JavaScript via the onerror parameter in the /r2/query endpoints...

CVSS 6.1, AI score 6.1, EPSS 0.03813
Exploits 1, References 1