in-portal vulnerabilities and exploits
NA
CVE-2024-25695
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <= 11.2 that may allow a remote, authenticated malicious user to provide input that is not sanitized properly and is rendered in error messages. There are no privileges required to execute this attack...
5
CVSSv2
CVE-2014-2212
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and previous versions stores the username and MD5 digest of the password in cleartext in a cookie, which allows malicious users to obtain sensitive information by reading ...
Posh Project Posh 3.0
Posh Project Posh 2.3
Posh Project Posh 2.2.1
Posh Project Posh 2.2
Posh Project Posh 2.1
Posh Project Posh 2.2.3
Posh Project Posh 3.0.1
Posh Project Posh 3.0.3
Posh Project Posh 3.2.1
Posh Project Posh 3.0.4
Posh Project Posh 2.0
Posh Project Posh 3.1.0
Posh Project Posh
Posh Project Posh 1.5
Posh Project Posh 1.3.0
Posh Project Posh 1.1.0
Posh Project Posh 1.5.1
Posh Project Posh 1.4.2
Posh Project Posh 1.3.2
Posh Project Posh 3.1.1
Posh Project Posh 3.0.2
Posh Project Posh 3.1.2
4
CVSSv2
CVE-2018-15140
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
Open-emr Openemr
1 EDB exploit
5.5
CVSSv2
CVE-2018-15141
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
Open-emr Openemr
1 EDB exploit
NA
CVE-2024-25696
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated malicious user to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required...
NA
CVE-2024-25697
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated malicious user to create a crafted link which when opening an authenticated user's bio page will render an image in the victim's browser. The privileges ...
6.4
CVSSv2
CVE-2021-32101
The Patient Portal of OpenEMR 5.0.2.1 is affected by an incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the att...
6.5
CVSSv2
CVE-2018-15142
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters...
Open-emr Openemr
1 EDB exploit
1 Github repository
6.4
CVSSv2
CVE-2018-15152
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR prior to 5.0.1.4 allows a remote malicious user to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php...
Open-emr Openemr
5.8
CVSSv2
CVE-2021-32806
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal before 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect ...
Plone Isurlinportal