2 matches found
CVE-2022-24589
CVE-2022-24589 concerns Burden v3.0, where a stored cross-site scripting (XSS) flaw exists in the Add Category function. A crafted payload in the task parameter allows execution of arbitrary web scripts or HTML. This is the stated vulnerability, with multiple vendor/NVD entries confirming the sam...
CVE-2013-7137
CVE-2013-7137 affects Burden prior to 1.8.1. The vulnerability arises from insufficient validation of the burden_user_rememberme cookie, allowing remote unauthenticated users to set the cookie to 1 and gain administrative privileges via the login mechanism. Impact is authentication bypass with po...