11 matches found
foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...
EUVD-2026-40959
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...
CVE-2026-5136 Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...
PT-2026-54786
Name of the Vulnerable Software and Affected Versions Foreman affected versions not specified satellite-capsule:el8/foreman affected versions not specified Description The Usergroup model fails to properly validate role assignments against the permissions of the calling user. This improper...
WESEEK GROWI Cross-Site Scripting Vulnerability
WESEEK GROWI is an open source team collaboration software developed by WESEEK Japan. The software features asset management, quick search and member management. A cross-site scripting vulnerability exists in WESEEK GROWI 3.1.11 and earlier versions, which can be exploited by remote attackers to...
CVE-2018-0652
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page...
CVE-2018-0652
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page...
Cross site scripting
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page...
CVE-2018-0652
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page...
CVE-2018-0652
GROWI is affected: CVE-2018-0652 is a Stored XSS in the UserGroup Management section of admin page, impacting GROWI v3.1.11 and earlier. The underlying issue allows remote attackers with authentication to inject arbitrary scripts/HTML in the logged-in user’s browser. Documented impact includes ar...
JVN#18716340: Multiple cross-site scripting vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the UserGroup Management section of admin page CWE-79 - CVE-2018-0652 Version| Vector| Score ---|---|--- CVSS v3|...