Vulmon
in-portal vulnerabilities and exploits
356
VMScore
CVE-2021-20755
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated malicious user to obtain the data of Portal without the viewing privilege.
Cybozu Garoon
356
VMScore
CVE-2021-20763
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated malicious user to obtain the data of Portal without the appropriate privilege.
Cybozu Garoon
755
VMScore
CVE-2014-2211
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 prior to 3.3.0 allows remote malicious users to execute arbitrary SQL commands via the rssurl parameter.
Posh Project Posh 3.0
Posh Project Posh 3.1.2
Posh Project Posh 3.0.2
Posh Project Posh 3.0.3
Posh Project Posh 3.0.4
Posh Project Posh 3.1.0
Posh Project Posh 3.1.1
Posh Project Posh 3.0.1
Posh Project Posh
1 EDB exploit
668
VMScore
CVE-2018-15143
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
Open-emr Openemr
668
VMScore
CVE-2018-15145
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
Open-emr Openemr
NA
CVE-2023-25834
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
Esri Portal For Arcgis
605
VMScore
CVE-2019-11781
Improper input validation in portal component in Odoo Community 12.0 and previous versions and Odoo Enterprise 12.0 and previous versions, allows remote malicious users to trick victims into modifying their account via crafted links, leading to privilege escalation.
Odoo Odoo
383
VMScore
CVE-2008-0867
Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote malicious users to inject arbitrary web script or HTML via the name parameter.
Bea Systems Plumtree Foundation 6.0
Bea Systems Aqualogic Interaction 6.1
NA
CVE-2022-38184
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated malicious user to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
Esri Portal For Arcgis
NA
CVE-2024-25695
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <= 11.2 that may allow a remote, authenticated malicious user to provide input that is not sanitized properly and is rendered in error messages. There are no privileges required to execute this attack...