25 matches found
CVE-2026-24966
Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium allows Cross Site Request Forgery. This issue affects Copyscape Premium: from n/a through <= 1.4.1...
CVE-2021-24966
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder...
CVE-2025-24966
reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...
CVE-2025-24966
creationtimestamp| type| source
---|---|---
2025-02-04 19:33:48+00:00| seen| https://infosec.exchange/users/cve/statuses/113947287754913671
2025-02-04 20:16:17+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lheuravl5n2c
2025-02-04 22:15:14+00:00| seen|...
CVE-2025-24966
CVE-2025-24966 concerns the reNgine web-app reconnaissance framework. The issue is HTML Injection in the Add Target functionality, where the Target Organization and Target Description fields improperly validate or sanitize input, allowing arbitrary HTML payloads. The injected HTML is rendered in ...
CVE-2024-24966
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-24966 F5OS vulnerability
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-24966
CVE-2024-24966 affects F5OS (A and C branches) where LDAP remote authentication can authorize a remote user without an assigned role. Affected versions: F5OS-A 1.2.0 (vulnerable) with fix in 1.3.0; F5OS-C 1.3.0–1.5.1 (vulnerable) with fix in 1.6.0. Impact is improper authorization (control-plane)...
CVE-2024-24966 F5OS vulnerability
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
K000133111: F5OS vulnerability CVE-2024-24966
Security Advisory Description: When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. CVE-2024-24966. Impact: This vulnerability may allow an LDAP authenticated attacker to bypass intended access restrictions. There is no data...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server
Summary: The following security issues have been identified in the WebSphere Application and IBM HTTP Server included as part of IBM Tivoli Monitoring (ITM) portal server: CVE-2023-25690, CVE-2023-24966, CVE-2023-24998, CVE-2023-27554, CVE-2022-39161, CVE-2023-32342 and CVE-2023-35890. The remediati...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console - CVE-2023-24966
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Following IBM®...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-24966)
Summary: IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and is vulnerable to cross-site scripting in the Admin Console. Required fixes for affected WebSphere Application Server have been published in the security bulletin links below. Vulnerability...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server which is a component of IBM Operations Analytics Predictive Insights
Summary: WebSphere Application Server (WAS) is a component of IBM Operations Analytics Predictive Insights. Multiple vulnerabilities in WebSphere Application Server (WAS) 8.5 and 9.0 affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. Information about the following relevant...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)
Summary IBM WebSphere Application Server is vulnerable to cross site scripting in the Admin Console. This has been addressed in the remediation section below. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)
Summary: Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966). This has been addressed in the remediation section below. Vulnerability Details Refer to the...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing when using Web Server Plug-ins
Summary: IBM Security Verify Governance uses IBM WebSphere Application Server. The fix includes upgrading IBM WebSphere Application Server with the security patch. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server traditional shipped with IBM Intelligent Operations Center (CVE-2023-24966)
Summary IBM WebSphere Application Server traditional is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-24966)
Summary: IBM WebSphere Application Server (WAS) is used by the IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2023-24966)
Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...