Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
AnapiH6web

2 matches found

CVE
CVEadded 2025/02/13 12:48 p.m.57 views

CVE-2025-1270

CVE-2025-1270 describes an IDOR vulnerability in Anapi Group’s h6web. An authenticated attacker can access other users’ information by sending a POST to /h6web/ha_datos_hermano.php and altering the pkrelated parameter to reference a different user, with the first request potentially enabling impe...

9.1CVSS6.5AI score0.00332EPSS
CVE
CVEadded 2025/02/13 12:49 p.m.56 views

CVE-2025-1271

CVE-2025-1271: Reflected XSS in Anapi Group's h6web. A malicious URL can trigger JavaScript in the user’s browser, potentially stealing data or allowing unauthorized actions. CVSSv3.1 base score 6.1 (Network, Low/Moderate impact; user interaction required; changed scope). Connected sources provid...

6.1CVSS6.1AI score0.00262EPSS