Lucene search
K

25 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-32604

Malicious code in bioql PyPI...

4.8CVSS5.2AI score0.00576EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-32603

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.03252EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-32602

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00546EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:10 p.m.5 views

CVE-2021-45889

An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or...

5.4CVSS6.8AI score0.00581EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:9 p.m.6 views

CVE-2021-45888

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

4.8CVSS7.1AI score0.00576EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:9 p.m.3 views

CVE-2021-45887

An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/.jsp UR...

9.8CVSS7.8AI score0.03252EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:8 p.m.5 views

CVE-2021-45886

An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user such as operator can be used to confirm actions of higher-privileged ones such...

8.8CVSS7AI score0.00546EPSS
Exploits1
CNVD
CNVD
added 2022/03/14 12:0 a.m.10 views

Ponton X/P Messenger Cross-Site Scripting Vulnerability

PONTON X/P Messenger is a highly configurable ebXML, AS/1, AS/2, AS/3 and AS/4 compliant messaging software from PONTON Germany. ponton X/P Messenger is vulnerable to a cross-site scripting vulnerability that could be exploited by attackers to obtain sensitive user information and construct...

5.4CVSS1.8AI score0.00581EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.9 views

Ponton X/P Messenger path traversal vulnerability

PONTON X/P Messenger is a highly configurable ebXML, AS/1, AS/2, AS/3 and AS/4 compliant messaging software from the German company PONTON. ponton X/P Messenger is vulnerable to a path traversal vulnerability that could be exploited by an attacker to upload executable scripts while obtaining...

9.8CVSS3.9AI score0.03252EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/14 12:0 a.m.16 views

Ponton X/P Messenger Cross-Site Scripting Vulnerability (CNVD-2022-22677)

PONTON X/P Messenger is a highly configurable ebXML, AS/1, AS/2, AS/3 and AS/4 compliant messaging software from the German company PONTON. ponton X/P Messenger is vulnerable to a cross-site scripting vulnerability that could be exploited by attackers to obtain sensitive user information and...

4.8CVSS2.1AI score0.00576EPSS
Exploits1References1
OSV
OSV
added 2022/03/13 2:15 a.m.7 views

CVE-2021-45888

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

4.8CVSS5.8AI score0.00576EPSS
Exploits1References2
NVD
NVD
added 2022/03/13 2:15 a.m.19 views

CVE-2021-45889

An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or...

5.4CVSS0.00581EPSS
Exploits1References2
NVD
NVD
added 2022/03/13 2:15 a.m.13 views

CVE-2021-45888

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

4.8CVSS0.00576EPSS
Exploits1References2
NVD
NVD
added 2022/03/13 2:15 a.m.13 views

CVE-2021-45886

An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user such as operator can be used to confirm actions of higher-privileged ones such...

8.8CVSS0.00546EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/13 2:15 a.m.3 views

CVE-2021-45886

An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user such as operator can be used to confirm actions of higher-privileged ones such...

8.8CVSS7.4AI score0.00546EPSS
Exploits1References3
Prion
Prion
added 2022/03/13 2:15 a.m.13 views

Cross site scripting

An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or...

3.5CVSS5.5AI score0.00581EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/03/13 2:15 a.m.14 views

Design/Logic Flaw

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

3.5CVSS5.3AI score0.00576EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/03/13 1:34 a.m.86 views

CVE-2021-45887

CVE-2021-45887 affects Ponton X/P Messenger prior to 3.11.2. The issue is a path traversal vulnerability in private/SchemaSetUpload.do when handling uploaded ZIP files, allowing an attacker with administrative web access to upload an executable script and achieve remote code execution on the serv...

9.8CVSS9.6AI score0.03252EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/03/13 1:30 a.m.19 views

CVE-2021-45886

An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user such as operator can be used to confirm actions of higher-privileged ones such...

8.8AI score0.00546EPSS
Exploits1References2
CVE
CVE
added 2022/03/13 1:30 a.m.83 views

CVE-2021-45886

CVE-2021-45886 concerns PONTON X/P Messenger before 3.11.2. The flaw is that anti-CSRF tokens are globally valid, creating a weakened CSRF condition where an arbitrary token from a low-privilege user (e.g., operator) can be used to confirm actions of a higher-privilege user (e.g., xpadmin). The p...

8.8CVSS8.5AI score0.00546EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder