Lucene search
K

6 matches found

NVD
NVD
added 2022/10/19 2:15 a.m.17 views

CVE-2022-38901

A Cross-site scripting XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...

5.4CVSS0.00719EPSS
Exploits2References3
CVE
CVE
added 2022/10/19 12:0 a.m.70 views

CVE-2022-38901

Summary (CVE-2022-38901, related entries): Liferay Digital Experience Platform 7.3.10 SP3 is affected in the Document and Media module file upload path. The vulnerability is a Cross-site Scripting (XSS) flaw in the description field of uploaded SVG files, enabling remote attackers to inject arbit...

5.4CVSS5.4AI score0.00719EPSS
Exploits2References3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/15 1:45 p.m.19 views

Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2021-38901)

Summary If tracing is enabled in Operations Center, user credentials may be displayed in the trace file in plain text. Vulnerability Details CVEID: CVE-2021-38901 DESCRIPTION: IBM Spectrum Protect Operations Center, under special configurations, could allow a local user to obtain highly sensitive...

5.5CVSS5AI score0.00215EPSS
Exploits0Affected Software1
Circl
Circl
added 2021/12/13 10:12 p.m.3 views

CVE-2021-38901

creationtimestamp| type| source ---|---|--- 2021-12-13 22:12:22+00:00| seen| https://t.me/cibsecurity/33884...

5.5CVSS5.8AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2021/12/13 6:35 p.m.59 views

CVE-2021-38901

CVE-2021-38901 affects IBM Spectrum Protect Operations Center (7.1.x: 7.1.0.000–7.1.13.x). Under special configurations, a local user could obtain highly sensitive information; the issue stems from tracing exposing credentials in trace files (plain text). CVSS: vector and scores indicate a MEDIUM...

5.5CVSS5.1AI score0.00215EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2016/03/11 12:0 a.m.36 views

PHP Utility Belt - Remote Code Execution (Metasploit)

Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'PHP Utility Belt Remote Code Execution', 'Description' = %q This module exploit...

7.1AI score
Exploits0
Rows per page
Query Builder