5 results (0.008 seconds)

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user. Adive Framework 2.0.8 no codifica suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad persistente de Cross Site Scripting (XSS) a través de /adive/admin/tables/add, en múltiples parámetros. Un atacante podría recuperar los detalles de la sesión de un usuario autenticado. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-adive-framework • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user. Adive Framework 2.0.8 no codifica suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad persistente de Cross Site Scripting (XSS) a través de /adive/admin/nav/add, en múltiples parámetros. Esta vulnerabilidad permite a un atacante recuperar los detalles de la sesión de un usuario autenticado. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-adive-framework • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Adive Framework 2.0.8 has admin/user/add userUsername XSS. Adive Framework versión 2.0.8, presenta una vulnerabilidad de tipo XSS del userUsername de admin/user/add. • https://github.com/ferdinandmartin/adive-php7/blob/master/README.md https://www.exploit-db.com/exploits/47946 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Adive Framework 2.0.8 has admin/user/add userName XSS. Adive Framework versión 2.0.8, presenta una vulnerabilidad de tipo XSS del userName de admin/user/add. • https://github.com/ferdinandmartin/adive-php7/blob/master/README.md https://www.exploit-db.com/exploits/47946 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3

Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. Adive Framework versión 2.0.8, presenta una vulnerabilidad de tipo CSRF de admin/config para cambiar la contraseña de Administrador. Adive Framework version 2.0.8 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/47966 http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html https://github.com/ferdinandmartin/adive-php7/blob/master/README.md https://www.exploit-db.com/exploits/47946 • CWE-352: Cross-Site Request Forgery (CSRF) •