23 matches found
CVE-2020-37106
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...
CVE-2020-37106 Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...
CVE-2020-37106
The CVE-2020-37106 issue affects Business Live Chat Software 1.0 and is described as a cross-site request forgery (CSRF) vulnerability. A remote attacker can craft a malicious HTML form that sends a POST to the user creation endpoint with administrative access parameters to change user account ro...
CVE-2020-37106
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...
PT-2026-6814
Name of the Vulnerable Software and Affected Versions Business Live Chat Software version 1.0 Description The software contains a cross-site request forgery condition that permits attackers to alter user account roles without needing to authenticate. An attacker can create a malicious HTML form t...
Incorrect Authorization
Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...
OneUptime Unauthorized User Creation via API
Summary A low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. PoC A low-permission user sends a crafted API request to the user-creation endpoint and the system creates the account successfully. Impact This allows attacke...
EUVD-2025-6873
Malicious code in bioql PyPI...
EUVD-2025-19425
Malicious code in bioql PyPI...
UnoPim vulnerable to remote code execution through Arbitrary File upload
Summary: Affected Functionality: Image upload at User creation Endpoint: /admin/settings/users/create Details The image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy lik...
GHSA-XR97-25V7-HC2Q UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality
Summary Affected Functionality: User creation Endpoint: /admin/settings/users/create Details https://github.com/unopim/unopim/blob/a0dc81947a59ada69e19e1e4313dd591d4e277b4/packages/Webkul/Core/src/Traits/Sanitizer.phpL9-L19 See the mimetype is checked for validation. Mime-type is usually identifi...
CVE-2025-6775
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...
CVE-2025-6775
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...
CVE-2025-6775 xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...
CVE-2025-6775 xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...
CVE-2025-6775 xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function createuser of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible ...
CVE-2021-38617
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation...
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgradi...
CVE-2025-4210 Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization
A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgradi...
CVE-2025-4210
Casdoor SCIM User Creation Endpoint (controller: SCIM.go HandleScim) up to version 1.811.0 contains an authorization bypass caused by manipulation in HandleScim. This allows remote attackers to bypass authorization. A fix is available in version 1.812.0, with patch hash 3d12ac8dc2282369296c338681...