6 matches found
CVE-2026-5712
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...
CVE-2026-5712
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...
CVE-2026-5712 IdentityIQ Role Editor Incorrect Authorization Vulnerability
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...
CVE-2026-5712
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS), which can lead to theft of the cookie of any victim who visits the affected URL, so the attacker can gain unauthorized access to that user's account through the stolen cookie. PoC (php): 1. Login as Admin 2. Go to Syst...
CVE-2018-17369
CVE-2018-17369 affects the SpringBoot Authority project up to 2017-03-06, with a stored XSS vulnerability on the admin/role/edit page through the parameters roleKey, name, or description. The issue is documented across multiple sources (NVD, CNVD, CVE records) and is described as input-based stor...