CVE-2020-7991

The CVE-2020-7991 entry refers to Adive Framework 2.0.8, where a Cross-Site Request Forgery (CSRF) vulnerability exists in the admin/config area that can change the Administrator password. Multiple connected sources confirm the affected software/version and the admin password impact, with exploit...

CVE-2020-7989

Mode C (Normal) — CVE-2020-7989 affects Adive Framework 2.0.8, with a Cross-Site Scripting flaw in the admin/user/add userUsername path. Root cause cited in CNVD entry: lack of proper validation of client-side data by the web application. Documented impact includes XSS exposure, with NVD indicati...

CVE-2020-7990

The CVE-2020-7990 entry concerns Adive Framework 2.0.8, where an admin/user/add userName XSS vulnerability exists. The core issue is a cross-site scripting flaw arising from insufficient validation of client-side data in the Adive Framework web application. Multiple connected sources (including R...

CVE-2024-4337

CVE-2024-4337 affects Adive Framework 2.0.8. The root cause is insufficient encoding of user-controlled inputs, causing a persistent XSS vulnerability via the /adive/admin/nav/add endpoint across multiple parameters. This can enable an attacker to retrieve authenticated user session details. Publ...

CVE-2024-4336

CVE-2024-4336 affects Adive Framework 2.0.8. The vulnerability is a persistent XSS due to insufficient encoding of user-controlled inputs, exploitable via the /adive/admin/tables/add endpoint across multiple parameters. The available documents indicate an attacker could retrieve the session detai...