Testnet0

#12671of 53,611
21.3Total CVSS
Vulnerabilities · 4
Medium
4
PT-2023-11743
5.4
2023-08-11
Thinkcmf · Thinkcmf · CVE-2020-25915
**Name of the Vulnerable Software and Affected Versions** ThinkCMF version 5.1.5 **Description** The issue is a Cross Site Scripting (XSS) vulnerability in the UserController.php file, which allows attackers to execute arbitrary code via a crafted `user login`. This can lead to unauthorized access and malicious activities on the affected system. **Recommendations** For ThinkCMF version 5.1.5, consider disabling the `UserController.php` file or restricting access to it until a patch is available. Additionally, avoid using the `user login` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-22478
5.3
2023-04-19
Powerjob · Powerjob · CVE-2023-29921
**Name of the Vulnerable Software and Affected Versions** PowerJob version 4.3.1 **Description** The issue is related to Incorrect Access Control via the `create app` interface. **Recommendations** For PowerJob version 4.3.1, consider restricting access to the `create app` interface until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-6717
5.3
2023-04-19
Powerjob · Powerjob · CVE-2023-29922
**Name of the Vulnerable Software and Affected Versions** PowerJob version 4.3.1 **Description** The issue is related to insufficient access control in the PowerJob platform, which can be exploited by a remote attacker to gain unauthorized access to the `user/save` interface. This can occur via the create user/save interface. **Recommendations** For PowerJob version 4.3.1, consider restricting access to the `user/save` interface until a patch is available. As a temporary workaround, limit the use of the create user/save functionality to minimize the risk of exploitation.
PT-2023-6981
5.3
2023-04-19
Powerjob · Powerjob · CVE-2023-29923
**Name of the Vulnerable Software and Affected Versions** PowerJob version 4.3.1 **Description** The issue is related to insecure permissions in the PowerJob platform, which can be exploited to gain unauthorized access to protected information. This can be done remotely through the list job interface. **Recommendations** For PowerJob version 4.3.1, consider restricting access to the list job interface until a patch is available. As a temporary workaround, review and adjust the default permissions to prevent unauthorized access.