Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
in-portal in-portal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-25695
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <= 11.2 that may allow a remote, authenticated malicious user to provide input that is not sanitized properly and is rendered in error messages. The are no privileges required to execute this attack...
NA
CVE-2014-2212
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and previous versions stores the username and MD5 digest of the password in cleartext in a cookie, which allows malicious users to obtain sensitive information by reading ...
Posh Project Posh 3.0
Posh Project Posh 2.3
Posh Project Posh 2.2.1
Posh Project Posh 2.2
Posh Project Posh 2.1
Posh Project Posh 2.2.3
Posh Project Posh 3.0.1
Posh Project Posh 3.0.3
Posh Project Posh 3.2.1
Posh Project Posh 3.0.4
Posh Project Posh 2.0
Posh Project Posh 3.1.0
Posh Project Posh
Posh Project Posh 1.5
Posh Project Posh 1.3.0
Posh Project Posh 1.1.0
Posh Project Posh 1.5.1
Posh Project Posh 1.4.2
Posh Project Posh 1.3.2
Posh Project Posh 3.1.1
Posh Project Posh 3.0.2
Posh Project Posh 3.1.2
6.5
CVSSv3
CVE-2018-15140
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
Open-emr Openemr
1 EDB exploit
6.5
CVSSv3
CVE-2018-15141
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
Open-emr Openemr
1 EDB exploit
NA
CVE-2024-25696
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated malicious user to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required...
NA
CVE-2024-25697
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated malicious user to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. The privileges ...
8.2
CVSSv3
CVE-2021-32101
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the att...
8.8
CVSSv3
CVE-2018-15142
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters...
Open-emr Openemr
1 EDB exploit
1 Github repository
9.1
CVSSv3
CVE-2018-15152
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR prior to 5.0.1.4 allows a remote malicious user to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php...
Open-emr Openemr
6.1
CVSSv3
CVE-2021-32806
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal before 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect ...
Plone Isurlinportal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3