3 matches found
Wagtail has improper permission handling when deleting form submissions
Impact: A CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor...
PT-2025-34280 · Esri · Esri Arcgis Enterprise Sites +1
Name of the Vulnerable Software and Affected Versions: ArcGIS HUB and ArcGIS Enterprise Sites versions prior to 11.4. Description: A stored cross-site scripting (XSS) vulnerability exists that allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If...
Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025
Acquia DAM provides a connection to a third-party asset management system, allowing for images to be managed, linked to, and viewed from Drupal. In order for assets to be managed in Drupal, a site administrator must first authenticate the site to their DAM instance. The module doesn't sufficientl...