19 matches found
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-13948)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2025-13948
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...
CVE-2025-13948
The CVE-2025-13948 entry concerns opsre go-ldap-admin (up to 20251011) with an issue in the JWT Handler’s docs/docker-compose/docker-compose.yaml processing. Manipulating the argument secret key can lead to use of a hard-coded cryptographic key, enabling remote attack. Exploitation details beyond...
CVE-2024-13948
Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13948
Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13948 Insecure Permissions
Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2024-13948
CVE-2024-13948 describes an information-disclosure vulnerability in ABB ASPECT family tools (ASPECT-Enterprise, NEXUS Series, MATRIX Series) caused by Windows permissions not being fully secured for ASPECT configuration toolsets. The root cause is an incorrect default privilege flaw that can expo...
CVE-2024-13948 Insecure Permissions
Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2017-13948
Rejected reason: This candidate is unused by its CNA...
CVE-2018-13948
...
CVE-2020-13948
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...
CVE-2020-13948
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...
CVE-2020-13948
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...
CVE-2020-13948
CVE-2020-13948 is tied to Apache Superset versions earlier than 0.37.1. An authenticated user could craft requests via templated text fields to gain arbitrary access to Python’s os package within the web application process. Impact details in the connected records show the user could enumerate an...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13948
The CVE-2019-13948 issue affects SyGuestBook A5 Version 1.2, where a stored XSS vulnerability arises from isValidData not properly filtering XSS payloads in include/functions.php. TheExploit vector demonstrated uses an onerror attribute in an IMG tag to inject script, enabling script execution in...
CVE-2010-2462
creationtimestamp| type| source ---|---|--- 2010-06-20 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/13948...
CVE-2017-13948
CVE-2017-13948 is rejected/not used and does not represent an active vulnerability entry.