14 matches found
CVE-2022-36413
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications...
CVE-2020-36413
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the 'Site Down' status" parameter under the "Maintenance Mode" module...
CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-36413
SuiteCRM prior to versions 7.14.4 and 8.6.1 is affected by a cross-site scripting vulnerability in the import module error view. The underlying issue was fixed in 7.14.4 and 8.6.1. Connected sources consistently describe a reflected/XSS in the import error view and confirm a vendor-reported fix i...
CVE-2023-36413
creationtimestamp | type | source
---|---|---
2023-11-15 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1160
2023-11-15 12:34:59+00:00 | seen | https://t.me/truesecator/5085
2023-11-17 08:13:29+00:00 | exploited | https://t.me/hackyourmom/5983...
CVE-2023-36413
Microsoft Office Security Feature Bypass Vulnerability...
CVE-2023-36413
CVE-2023-36413: Microsoft Office security feature bypass vulnerability. Affects Office components (notably Office 2016-era products in references) and can bypass Protected View, allowing opened files to enter editing mode when delivered as a malicious file. Underlying risk is an I: HIGH impact (i...
CVE-2023-36413 Microsoft Office Security Feature Bypass Vulnerability
...
Security Updates for Microsoft Office Products (November 2023)
The Microsoft Office Products are missing security updates. It is, therefore, affected by a security feature bypass vulnerability. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. Note that Nessus h...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party could exploit the vulnerabilities to circumvent a security measure or execute arbitrary code with application privileges. Successful exploitation requires the malicious party to trick the victim into opening a rogue...
CVE-2022-36413
creationtimestamp | type | source
---|---|---
2023-03-23 23:37:04+00:00 | seen | https://t.me/cibsecurity/60624...
CVE-2022-36413
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications...
CVE-2022-36413
Zoho ManageEngine ADSelfService Plus (versions up to 6203) is affected by a brute-force vulnerability that can lead to password resets on IDM applications. The CVE-2022-36413 entry notes a high-severity issue (CVSS v3.1: 9.1, Network, Low attack complexity, No privileges, No user interaction) wit...
CVE-2020-36413
CVE-2020-36413 affects CMS Made Simple 2.2.14 and describes a stored XSS vulnerability: an authenticated user can inject arbitrary web scripts/HTML via the Maintenance Mode parameter “Exclude these IP addresses from the Site Down state.” The CVE details indicate low to moderate impact per CVSS da...