Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
in-portal vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-20755
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated malicious user to obtain the data of Portal without the viewing privilege.
Cybozu Garoon
4
CVSSv2
CVE-2021-20763
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated malicious user to obtain the data of Portal without the appropriate privilege.
Cybozu Garoon
7.5
CVSSv2
CVE-2014-2211
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 prior to 3.3.0 allows remote malicious users to execute arbitrary SQL commands via the rssurl parameter.
Posh Project Posh 3.0
Posh Project Posh 3.1.2
Posh Project Posh 3.0.2
Posh Project Posh 3.0.3
Posh Project Posh 3.0.4
Posh Project Posh 3.1.0
Posh Project Posh 3.1.1
Posh Project Posh 3.0.1
Posh Project Posh
1 EDB exploit
7.5
CVSSv2
CVE-2018-15143
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
Open-emr Openemr
7.5
CVSSv2
CVE-2018-15145
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
Open-emr Openemr
NA
CVE-2023-25834
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
Esri Portal For Arcgis
4.3
CVSSv2
CVE-2008-0867
Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote malicious users to inject arbitrary web script or HTML via the name parameter.
Bea Systems Plumtree Foundation 6.0
Bea Systems Aqualogic Interaction 6.1
6.8
CVSSv2
CVE-2019-11781
Improper input validation in portal component in Odoo Community 12.0 and previous versions and Odoo Enterprise 12.0 and previous versions, allows remote malicious users to trick victims into modifying their account via crafted links, leading to privilege escalation.
Odoo Odoo
NA
CVE-2022-38184
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated malicious user to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
Esri Portal For Arcgis
NA
CVE-2024-25695
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <= 11.2 that may allow a remote, authenticated malicious user to provide input that is not sanitized properly and is rendered in error messages. The are no privileges required to execute this attack...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »