11 matches found
EUVD-2022-0023
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-52947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of...
CVE-2024-52801 Brute force takeover of OpenID Connect session cookies in sftpgo
sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are...
CVE-2024-52947
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin...
CVE-2024-52947
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin...
DEBIAN-CVE-2024-52947
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin...
UBUNTU-CVE-2024-52947
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin...
CVE-2024-52947
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin...
CVE-2024-52947
CVE-2024-52947 (LemonLDAP::NG) is a cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1. An attacker can inject arbitrary script/HTML via the url parameter on the upgrade session confirmation page (upgradeSession/forceUpgrade) when the “Upgrade session” plugin is enabled by an...
PT-2024-35497 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.20.1 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page, specifically the "upgradeSessi...
User Profile hangs when using CVAD 2203 CU5
Upgrading to CVAD 2203 CU5 found an issue with hanging on loading the user profile. It eventually times out and the session is disconnected/hung...