22 matches found
CVE-2023-38988
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-38991
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator...
CVE-2023-38991
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator...
Information disclosure
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator...
Information disclosure
An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator...
CVE-2023-38990
CVE-2023-38990 affects Jeesite v1.2.6, where an issue in the MenuController.delete function allows an authenticated attacker to arbitrarily delete menus created by the Administrator. The vulnerability stems from improper authorization/validation in the delete path, leading to unauthorized state c...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
Information disclosure
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-38989
Jeesite v1.2.6 has a vulnerability in the delete function of the UserController that allows authenticated attackers to arbitrarily delete the Administrator’s role information. Multiple sources (NVD, RH, OSV, CVE lists, and PTSecurity) confirm the affected software/version and the underlying issue...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-38988
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators...
Information disclosure
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators...
CVE-2023-26982
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting XSS vulnerability via the Add Tags parameter under the Create Ticket function...
Cross site scripting
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting XSS vulnerability via the Add Tags parameter under the Create Ticket function...
CVE-2023-26982
CVE-2023-26982 concerns Trudesk v1.2.6, which contains a stored cross-site scripting (XSS) vulnerability in the Create Ticket function, exploitable via the Add Tags parameter. Root cause: unsanitized input in Add Tags leads to script execution within affected user sessions. Impact: can enable mal...
CVE-2023-26982
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting XSS vulnerability via the Add Tags parameter under the Create Ticket function...
GHSA-XG75-Q3Q5-CQMV Denial of Service in http-swagger
Impact Allows an attacker to perform a DOS attack consisting of memory exhaustion on the host system. Patches Yes. Please upgrade to v1.2.6. Workarounds A workaround is to restrict the path prefix to the "GET" method. As shown below func main r := mux.NewRouter...
CVE-2020-15228
In the @actions/core npm module before version 1.2.6,addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...
Malicious Package in sailclothjs
Version 1.2.6 of sailclothjs contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...