CVE-2025-28096
- EPSS 0.13%
- Published 28.03.2025 00:00:00
- Last modified 07.04.2025 14:00:57
OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.
CVE-2025-28097
- EPSS 0.16%
- Published 28.03.2025 00:00:00
- Last modified 07.04.2025 13:59:18
OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers.
CVE-2024-33832
- EPSS 3.16%
- Published 30.04.2024 18:15:20
- Last modified 21.11.2024 09:17:33
OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info.
CVE-2023-7210
- EPSS 0.08%
- Published 07.01.2024 10:15:08
- Last modified 21.11.2024 08:45:31
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is pos...
CVE-2022-26276
- EPSS 0.15%
- Published 12.03.2022 01:15:35
- Last modified 21.11.2024 06:53:41
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.
CVE-2021-38712
- EPSS 0.24%
- Published 16.08.2021 04:15:07
- Last modified 21.11.2024 06:17:57
OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file.
CVE-2021-38138
- EPSS 0.31%
- Published 05.08.2021 16:15:07
- Last modified 21.11.2024 06:16:27
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is plan...