7 matches found
CVE-2022-37333
CVE-2022-37333 is a SQL injection vulnerability in Exment and related laravel-admin components. The issue affects PHP8: exceedone/exment e5.0.2 and earlier and exceedone/laravel-admin e3.0.0 and earlier; PHP7: exceedone/exment e4.4.2 and earlier and exceedone/laravel-admin e2.2.2 and earlier. The...
CVE-2022-38080
The CVE-2022-38080 issue is a reflected cross-site scripting vulnerability in Exment and related Exment/laravel-admin components. Affected versions include Exment v5.0.2 and earlier (PHP8) and v4.4.2 and earlier (PHP7), plus corresponding laravel-admin builds (v3.0.0 and earlier; v2.2.2 and earli...
CVE-2022-38089
CVE-2022-38089 describes a stored cross-site scripting (XSS) vulnerability in Exment and the exceedone/laravel-admin integration. The issue affects PHP8: exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier; PHP7: exceedone/exment v4.4.2 and earlier and exceedone/lar...
CVE-2024-47793
CVE-2024-47793 affects Exment v6.1.4 and earlier and v5.0.11 and earlier. The issue is a stored cross-site scripting (XSS) vulnerability that can execute arbitrary script in a user’s browser when accessing the edit screen containing custom columns (column type: images or files). The underlying ro...
CVE-2024-46897
Affected software: Exment (web app). Vulnerability: CVE-2024-46897 is an Incorrect Permission Assignment for a Critical Resource affecting Exment versions 6.1.4 and earlier and 5.0.11 and earlier. A logged-in user with the permission to manage tables may access and/or modify information in unauth...
CVE-2020-5620
Exment prior to v3.6.0 is vulnerable to stored cross-site scripting (via a crafted file or certain inputs). The root cause is improper input sanitization (CWE-79) that allows an arbitrary script to run in a logged-in user’s browser. Affected product: Exment; affected versions: before 3.6.0. Impac...
CVE-2020-5619
Exment v3.6.0 and earlier is vulnerable to cross-site scripting (stored XSS). The vulnerability arises from inadequate validation of client data, allowing remote authenticated attackers to inject and execute arbitrary script or HTML in a user’s browser when viewing affected pages. Public referenc...