12 matches found

EUVD
added 2025/12/01 3:30 p.m. · 2 views

EUVD-2025-200001

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes...

6.5 CVSS · 6.3 AI score · 0.00054 EPSS
Exploits 1 · References 3
Vulnrichment
added 2025/11/18 10:39 p.m. · 4 views

CVE-2025-64515 Open Forms prefill data in read-only components can be tampered

Open Forms allows users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

4.3 CVSS · 6.4 AI score · 0.00053 EPSS
Exploits 0 · References 3
EUVD
added 2025/11/07 12:30 a.m. · 2 views

EUVD-2024-55065

A flaw was found in the 3scale developer portal. This issue can allow account creation or updates passed through hidden or read-only fields, the contents of which may be altered. This flaw allows an attacker to access or modify restricted information...

5.4 CVSS · 6 AI score · 0.00046 EPSS
Exploits 0 · References 3
CVE
added 2025/11/06 9:50 p.m. · 11 views

CVE-2024-12125

CVE-2024-12125 affects the 3scale Developer Portal. The flaw allows account creation or updates where fields configured as read-only or hidden can be modified, exposing restricted information. Root cause: server-side validation does not enforce read-only/hidden constraints on account operatio...

7.5 CVSS · 6.2 AI score · 0.00046 EPSS
Exploits 0 · References 2
CNNVD
added 2025/11/06 12:0 a.m. · 1 views

Red Hat 3scale API Management Platform Security Vulnerability

Red Hat 3scale API Management Platform is an infrastructure platform for API management from Red Hat. It enables rapid API sharing, protection, distribution, control, and monetization. A security vulnerability exists in Red Hat 3scale API Management Platform that originates from unvalidated input...

7.5 CVSS · 6.5 AI score · 0.00046 EPSS
Exploits 0 · References 2
OSV
added 2025/04/03 2:10 p.m. · 7 views

BIT-JOOMLA-2020-15697

An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users...

4.3 CVSS · 7.1 AI score · 0.00009 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/05/23 12:0 a.m. · 2 views

PT-2024-40216 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe forms affected versions not specified
Description: The issue concerns form fields in SilverStripe forms that return isReadonly as true, making them vulnerable to reflected XSS injections. This includes fields like ReadonlyField,...

6.1 CVSS · 6.1 AI score
Exploits 0 · References 5
CNNVD
added 2024/03/12 12:0 a.m. · 1 views

SAP Fiori Security Breach

SAP Fiori, a user experience (UX) design system for SAP applications from SAP, Germany, provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, delivering a consistent, innovative experience for creators and users. A security...

6.5 CVSS · 6.6 AI score · 0.00362 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 5:22 a.m. · 1 views

SUSE CVE-2015-1223

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...

7.5 CVSS · 9.8 AI score · 0.0123 EPSS
Exploits 0 · References 4
CNVD
added 2020/07/28 12:0 a.m. · 1 views

Unspecified vulnerability in Joomla! (CNVD-2020-44909)

Joomla! is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S. Open Source Matters team. A security vulnerability exists in Joomla! 3.9.19 and earlier versions, which can be exploited by an attacker to modify internal read-only fields in...

4.3 CVSS · 6.8 AI score · 0.00009 EPSS
Exploits 0 · References 1
Positive Technologies
added 2020/07/15 12:0 a.m. · 2 views

PT-2020-14592 · Open Source Matters · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.9.19 and earlier
Description: An issue was discovered where internal read-only fields in the User table class could be modified by users.
Recommendations: For Joomla! versions 3.9.19 and earlier, update to a version that...

4.3 CVSS · 7.1 AI score · 0.00009 EPSS
Exploits 0 · References 6
UbuntuCve
added 2015/03/08 12:0 a.m. · 26 views

CVE-2015-1223

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...

7.5 CVSS · 7.3 AI score · 0.0123 EPSS
Exploits 0 · References 5