Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
in-portal vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-8304
Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the next_template parameter to admin/index.php.
In-portal In-portal
6.8
CVSSv2
CVE-2009-4986
Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the env parameter.
In-portal In-portal 4.3.1
1 EDB exploit
NA
CVE-2023-0761
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have CSRF check when deleting Staff members, which could allow malicious users to make logged in admins delete arbitrary Staff via a CSRF attack
Infigosoftware Clock In Portal- Staff \\& Attendance Management
NA
CVE-2023-0762
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have CSRF check when deleting designations, which could allow malicious users to make logged in admins delete arbitrary designations via a CSRF attack
Infigosoftware Clock In Portal- Staff \\& Attendance Management
NA
CVE-2023-0763
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have CSRF check when deleting Holidays, which could allow malicious users to make logged in admins delete arbitrary holidays via a CSRF attack
Infigosoftware Clock In Portal- Staff \\& Attendance Management
7.5
CVSSv2
CVE-2018-17181
An issue exists in OpenEMR prior to 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Open-emr Openemr
4.3
CVSSv2
CVE-2017-6003
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
Dotcms Dotcms 3.7.0
4
CVSSv2
CVE-2022-26051
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated malicious user to alter the data of Portal.
Cybozu Garoon
4.3
CVSSv2
CVE-2007-0922
Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote malicious users to inject arbitrary web script or HTML via the query string.
Radical Technologies Portal Search
7.8
CVSSv2
CVE-2007-0923
buscador/buscador.htm in Portal Search allows remote malicious users to obtain sensitive information (business logic) via a query string composed of a search for certain characters.
Radical Technologies Portal Search
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »