CVSS: 6.3EPSS: 0%CPEs: 10EXPL: 1CVE-2024-9048 – y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting
https://notcve.org/view.php?id=CVE-2024-9048
A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The manipulation of the argument loginName leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?id.278215 https://vuldb.com/?ctiid.278215 https://gitee.com/y_project/RuoYi/issues/IAR6Q3 https://gitee.com/y_project/RuoYi/issues/IAR6Q3#note_31993641_link https://gitee.com/y_project/RuoYi/commit/9b68013b2af87b9c809c4637299abd929bc73510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 1CVE-2024-6511 – y_project RuoYi Content-Type isJsonRequest cross site scripting
https://notcve.org/view.php?id=CVE-2024-6511
A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/y_project/RuoYi/issues/IA8O7O https://vuldb.com/?ctiid.270343 https://vuldb.com/?id.270343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7743
https://notcve.org/view.php?id=CVE-2014-7743
The Humor Ironias y Realidades (aka com.wHumork) application 0.63.13371.13576 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android Humor Ironias y Realidades (también conocido como com.wHumork) 0.63.13371.13576 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/331785 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6990
https://notcve.org/view.php?id=CVE-2014-6990
The Albasit artes y danza (aka com.adianteventures.adianteapps.albasit_artes_y_danza) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android Albasit artes y danza (también conocida como com.adianteventures.adianteapps.albasit_artes_y_danza) 1.2 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/561289 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •