Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.4 views

foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00302EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 1:28 p.m.7 views

EUVD-2026-40959

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00302EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/01 1:28 p.m.6 views

CVE-2026-5136 Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00302EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54786

Name of the Vulnerable Software and Affected Versions Foreman affected versions not specified satellite-capsule:el8/foreman affected versions not specified Description The Usergroup model fails to properly validate role assignments against the permissions of the calling user. This improper...

8.8CVSS5.9AI score0.00302EPSS
Exploits0References11
CNVD
CNVD
added 2018/09/11 12:0 a.m.3 views

WESEEK GROWI Cross-Site Scripting Vulnerability

WESEEK GROWI is an open source team collaboration software developed by WESEEK Japan. The software features asset management, quick search and member management. A cross-site scripting vulnerability exists in WESEEK GROWI 3.1.11 and earlier versions, which can be exploited by remote attackers to...

4.8CVSS4.8AI score0.00667EPSS
Exploits0References1
NVD
NVD
added 2018/09/07 2:29 p.m.16 views

CVE-2018-0652

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page...

4.8CVSS4.8AI score0.00667EPSS
Exploits0References2
OSV
OSV
added 2018/09/07 2:29 p.m.12 views

CVE-2018-0652

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page...

4.8CVSS6AI score
Exploits0References2
Prion
Prion
added 2018/09/07 2:29 p.m.13 views

Cross site scripting

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page...

3.5CVSS5AI score0.00667EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/09/07 2:0 p.m.17 views

CVE-2018-0652

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page...

5.1AI score0.00667EPSS
Exploits0References2
CVE
CVE
added 2018/09/07 2:0 p.m.49 views

CVE-2018-0652

GROWI is affected: CVE-2018-0652 is a Stored XSS in the UserGroup Management section of admin page, impacting GROWI v3.1.11 and earlier. The underlying issue allows remote attackers with authentication to inject arbitrary scripts/HTML in the logged-in user’s browser. Documented impact includes ar...

4.8CVSS4.9AI score0.00667EPSS
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/03 12:0 a.m.549 views

JVN#18716340: Multiple cross-site scripting vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the UserGroup Management section of admin page CWE-79 - CVE-2018-0652 Version| Vector| Score ---|---|--- CVSS v3|...

6.1CVSS5.7AI score0.00899EPSS
Exploits0
Rows per page
Query Builder