CVE-2024-1253 Byzoro Smart S40 Management Platform Import web.php unrestricted upload

A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument fileupload leads to...

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists in checkouts of web.php during routing which allows an attacker to insert arbitrary Javascript...

Exposure of Resource to Wrong Sphere in LibreNMS

An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' = 'admin'" instead of "'middleware' = 'can:admin'" in routes/web.php...

Improper access control

An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' = 'admin'" instead of "'middleware' = 'can:admin'" in routes/web.php...

Cross site scripting

Cross-site scripting XSS vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php...

CVE-2013-4430

Cross-site scripting XSS vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php...