Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Tianti Project Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19110 1 Tianti Project 1 Tianti 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check.
CVE-2018-19109 1 Tianti Project 1 Tianti 2024-11-21 6.5 MEDIUM 8.8 HIGH
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.
CVE-2018-19091 1 Tianti Project 1 Tianti 2024-11-21 3.5 LOW 5.4 MEDIUM
tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter.
CVE-2018-19090 1 Tianti Project 1 Tianti 2024-11-21 3.5 LOW 5.4 MEDIUM
tianti 2.3 has stored XSS in the article management module via an article title.
CVE-2018-19089 1 Tianti Project 1 Tianti 2024-11-21 3.5 LOW 5.4 MEDIUM
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024