7 matches found
CVE-2025-70981
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...
CVE-2025-11580
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks...
CVE-2025-11580 PowerJob list authorization
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks...
CVE-2025-9433
A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been mad...
Shiro-Action Security Vulnerability
Shiro-Action is a Shiro-based permission management system developed by individual developer zhao jun. A security vulnerability exists in Shiro-Action v0.6, which stems from improper access control of the component /user/list and could lead to access to sensitive information...
bootplus Injection Vulnerability
bootplus is a permission management framework developed by individual developer JoeyBling. An injection vulnerability exists in bootplus, which stems from the parameter sort in the file /admin/sys/user/list that causes SQL injection...
Ladder CMS Cross-Site Scripting Vulnerability
Tianti tianti is a free, lightweight CMS written in Java that currently provides a total solution from back-end management to front-end display. A cross-site scripting vulnerability exists in the user management module in tianti 2.3, which can be exploited by an attacker via the...