12 matches found
PT-2026-35962
Name of the Vulnerable Software and Affected Versions: IdentityIQ affected versions not specified Description: An authenticated identity acting as the requestor or assignee of a work item can edit a role definition without possessing the required capability for role editing. Recommendations: At the...
CVE-2026-2972
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. T...
CVE-2026-2972 a466350665 Smart-SSO Role Edit UserController.java save cross site scripting
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. T...
CVE-2025-12963 LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart <= 1.2.29 - Missing Authorization to Unauthenticated Privilege Escalation
The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.2.29. This is due to the plugin not properly validating a user's identity via the...
SPPanAdmin code injection vulnerability
SPPanAdmin is a basic framework for backend management systems from the individual developer reckcn. A code injection vulnerability exists in SPPanAdmin version 1.0; it originates from the name parameter of /admin/role/edit and can lead to cross-site scripting...
PT-2025-3868 · Unknown · Reckon Sppanadmin
Name of the Vulnerable Software and Affected Versions: reckcn SPPanAdmin version 1.0 Description: A cross-site scripting issue was found in the software, allowing for remote exploitation. The manipulation of the name argument in the "/;/admin/role/edit" file leads to this issue. Other parameters...
PT-2024-30561 · Kanister +1 · Kanister +1
Name of the Vulnerable Software and Affected Versions: Kanister affected versions not specified Description: Kanister is a data protection workflow management tool. Kanister has a deployment called default-kanister-operator, which is bound to a ClusterRole called edit via a ClusterRoleBinding...
springboot_authority cross-site scripting vulnerability
springboot_authority is a backend management system. The system includes modules for user management, role management, and resource connection management. A cross-site scripting vulnerability exists in the admin/role/edit page in springboot_authority 2017-03-06 and earlier versions, which can be...
CVE-2018-17369
An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter...
Cross site scripting
An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter...