Page 2 of 8 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF. Se ha descubierto un problema en creditease-sec insight hasta el 11/09/2018. role_perm_delete in srcpm/app/admin/views.py permite Cross-Site Request Forgery (CSRF). • https://github.com/creditease-sec/insight/issues/42 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF. Se ha descubierto un problema en creditease-sec insight hasta el 11/09/2018. depart_delete in srcpm/app/admin/views.py permite Cross-Site Request Forgery (CSRF). • https://github.com/creditease-sec/insight/issues/42 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. La API REST en la aplicación DTE Energy Insight en versiones anteriores a 1.7.8 para Android permite a usuarios remotos autenticados obtener información de cliente no especificada a través de una expresión SQL en el parámetro filter. • http://jeffq.com/blog/dteenergy-insight http://www.kb.cert.org/vuls/id/713312 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •