|
1811
|
- |
|
-
|
-
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `tags.php` endpoint…
|
CWE-79
Cross-site Scripting
|
CVE-2025-23034
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1812
|
- |
|
-
|
-
|
Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2025-0066
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1813
|
- |
|
-
|
-
|
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over…
|
CWE-89
SQL Injection
|
CVE-2025-0063
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1814
|
- |
|
-
|
-
|
SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vuln…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2025-0061
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1815
|
- |
|
-
|
-
|
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to …
|
CWE-94
Code Injection
|
CVE-2025-0060
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1816
|
- |
|
-
|
-
|
Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or acces…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2025-0059
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1817
|
- |
|
-
|
-
|
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwis…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-0058
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1818
|
- |
|
-
|
-
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_situacao.ph…
|
CWE-79
Cross-site Scripting
|
CVE-2025-23033
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1819
|
- |
|
-
|
-
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_escala.php`…
|
CWE-79
Cross-site Scripting
|
CVE-2025-23032
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1820
|
- |
|
-
|
-
|
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_alergia.php…
|
CWE-79
Cross-site Scripting
|
CVE-2025-23031
|
2025-01-14 10:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
