in-portal vulnerabilities and exploits
NA
CVE-2024-25695
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <= 11.2 that may allow a remote, authenticated malicious user to provide input that is not sanitized properly and is rendered in error messages. There are no privileges required to execute this attack...
NA
CVE-2024-25696
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated malicious user to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required...
NA
CVE-2024-25697
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated malicious user to create a crafted link which when opening an authenticated user's bio page will render an image in the victim's browser. The privileges ...
4.3
CVSSv3
CVE-2023-0761
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have a CSRF check when deleting Staff members, which could allow malicious users to make logged-in admins delete arbitrary Staff via a CSRF attack
Infigosoftware Clock In Portal- Staff & Attendance Management
4.3
CVSSv3
CVE-2023-0762
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have a CSRF check when deleting designations, which could allow malicious users to make logged-in admins delete arbitrary designations via a CSRF attack
Infigosoftware Clock In Portal- Staff & Attendance Management
4.3
CVSSv3
CVE-2023-0763
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have a CSRF check when deleting Holidays, which could allow malicious users to make logged-in admins delete arbitrary holidays via a CSRF attack
Infigosoftware Clock In Portal- Staff & Attendance Management
5.4
CVSSv3
CVE-2023-25834
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
Esri Portal For Arcgis
7.5
CVSSv3
CVE-2022-38184
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated malicious user to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
Esri Portal For Arcgis
4.3
CVSSv3
CVE-2022-26051
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated malicious user to alter the data of Portal.
Cybozu Garoon
4.3
CVSSv3
CVE-2021-20763
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated malicious user to obtain the data of Portal without the appropriate privilege.
Cybozu Garoon