Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by oneclickorgs
CVE-2011-4678 (GCVE-0-2011-4678)
Vulnerability from nvd – Published: 2011-12-06 11:00 – Updated: 2024-09-16 17:03
VLAI
EPSS
VEX
Summary
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:33.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4678",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:03:53.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4677 (GCVE-0-2011-4677)
Vulnerability from nvd – Published: 2011-12-06 11:00 – Updated: 2024-09-17 03:02
VLAI
EPSS
VEX
Summary
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:33.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4677",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:02:04.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4555 (GCVE-0-2011-4555)
Vulnerability from nvd – Published: 2011-12-06 11:00 – Updated: 2024-09-16 17:27
VLAI
EPSS
VEX
Summary
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4555",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:27:53.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4554 (GCVE-0-2011-4554)
Vulnerability from nvd – Published: 2011-12-06 11:00 – Updated: 2024-09-17 02:42
VLAI
EPSS
VEX
Summary
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) \" (double quote) and newline characters in an org name or (2) \" (double quote) characters in an e-mail address, related to a \"2nd Order SMTP Injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) \" (double quote) and newline characters in an org name or (2) \" (double quote) characters in an e-mail address, related to a \"2nd Order SMTP Injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4554",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:42:29.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4553 (GCVE-0-2011-4553)
Vulnerability from nvd – Published: 2011-12-06 11:00 – Updated: 2024-09-16 23:41
VLAI
EPSS
VEX
Summary
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4553",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:41:03.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4552 (GCVE-0-2011-4552)
Vulnerability from nvd – Published: 2011-12-06 11:00 – Updated: 2024-09-16 21:02
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4552",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:02:54.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4678 (GCVE-0-2011-4678)
Vulnerability from cvelistv5 – Published: 2011-12-06 11:00 – Updated: 2024-09-16 17:03
VLAI
EPSS
VEX
Summary
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:33.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4678",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:03:53.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4554 (GCVE-0-2011-4554)
Vulnerability from cvelistv5 – Published: 2011-12-06 11:00 – Updated: 2024-09-17 02:42
VLAI
EPSS
VEX
Summary
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) \" (double quote) and newline characters in an org name or (2) \" (double quote) characters in an e-mail address, related to a \"2nd Order SMTP Injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) \" (double quote) and newline characters in an org name or (2) \" (double quote) characters in an e-mail address, related to a \"2nd Order SMTP Injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4554",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:42:29.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4555 (GCVE-0-2011-4555)
Vulnerability from cvelistv5 – Published: 2011-12-06 11:00 – Updated: 2024-09-16 17:27
VLAI
EPSS
VEX
Summary
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4555",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:27:53.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4677 (GCVE-0-2011-4677)
Vulnerability from cvelistv5 – Published: 2011-12-06 11:00 – Updated: 2024-09-17 03:02
VLAI
EPSS
VEX
Summary
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:33.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4677",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:02:04.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4552 (GCVE-0-2011-4552)
Vulnerability from cvelistv5 – Published: 2011-12-06 11:00 – Updated: 2024-09-16 21:02
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4552",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:02:54.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4553 (GCVE-0-2011-4553)
Vulnerability from cvelistv5 – Published: 2011-12-06 11:00 – Updated: 2024-09-16 23:41
VLAI
EPSS
VEX
Summary
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://groups.google.com/group/oneclickorgs-devs… | mailing-listx_refsource_MLIST |
| http://dmcdonald.net/?page_id=43 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-06T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dmcdonald.net/?page_id=43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3",
"refsource": "MLIST",
"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en\u0026dmode=source\u0026output=gplain"
},
{
"name": "http://dmcdonald.net/?page_id=43",
"refsource": "MISC",
"url": "http://dmcdonald.net/?page_id=43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4553",
"datePublished": "2011-12-06T11:00:00.000Z",
"dateReserved": "2011-11-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:41:03.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}