17 matches found
CVE-2026-6623
A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...
CVE-2026-40350
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...
CVE-2026-6623
A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...
CVE-2026-6623
CVE-2026-6623 affects BichitroGan ISP Billing Software 2025.3.20. The issue is a cross-site scripting vulnerability in the Profile Page Handler, triggered by manipulating the file path /?_route=settings/users-view/. The attack could be carried out remotely, with the CVSS indicating network access...
CVE-2026-40350 Movary User Management (/settings/users) has Authorization Bypass that Allows Low-Privileged Users to Enumerate All Users and Create Administrator Accounts
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...
CVE-2026-5031
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...
CVE-2026-5031
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...
CVE-2026-5031 BichitroGan ISP Billing Software Endpoint users-view resource injection
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...
PT-2026-28743
Name of the Vulnerable Software and Affected Versions BichitroGan ISP Billing Software version 2025.3.20 Description A flaw exists in BichitroGan ISP Billing Software that allows for improper control of resource identifiers. The issue is located within an unknown function of the file ‘/?...
CVE-2025-55742
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1...
CVE-2025-55742 UnoPim Stored XSS via SVG MIME/Sanitizer Bypass
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1...
SUSE CVE-2018-13054
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of for example other users' icon files in onfacebrowsemenuitemactivated and onfacemenuitemactivated. These icon files are written to the respective user's $HOME/.face...
Core FTP 安全漏洞
Core FTP is a file transfer server. Core FTP LE v2.2 allows local attackers to cause a denial or service A security vulnerability exists that allows local attackers to cause a denial of service via a long string in Settings-Users-Username editbox...
USN-4844-1: Cinnamon vulnerability
Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged attacker could potentially use this vulnerability to overwrite arbitrary files as root...
EPSON EPS TSE Server Cross-Site Scripting Vulnerability
EPSON EPS TSE Server is a server from EPSON Japan. A cross-site scripting vulnerability exists in EPSON EPS TSE Server 8 that stems from a cross-site scripting XSS issue with the update user and delete user functions in settings users.php, which could be exploited by authenticated attackers to...
CVE-2020-23451
Spiceworks Version = 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function...
Cinnamon Design Vulnerability
Cinnamon is an open source desktop environment for Linux. A security vulnerability exists in Cinnamon versions 1.9.2 through 3.8.6, which originates from the cinnamon-settings-users.py GUI that can be run with root privileges and configure other users' icon files. The vulnerability can be exploit...