8 matches found
EUVD-2022-45274
Malicious code in bioql PyPI...
CVE-2025-50927
A reflected cross-site scripting XSS vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter...
CVE-2025-8127 deerwms deer-wms-2 list sql injection
A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. This vulnerability affects unknown code of the file /system/user/list. The manipulation of the argument paramsdataScope leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2022-42198
In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload...
CVE-2022-42197
In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges...
Improper access control
In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges...
CVE-2022-42197
CVE-2022-42197 affects Simple Exam Reviewer Management System v1.0, specifically the User List function. The vulnerability arises from improper access control that allows low-privileged users to modify other users’ privileges to higher levels. The available connected sources confirm the affected ...
Cybozu Office vulnerable to cross-site scripting
Overview Cybozu Office contains a cross-site scripting vulnerability. Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC...