13 matches found
CVE-2023-43687
creationtimestamp| type| source ---|---|--- 2025-08-14 19:38:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lwf3pe5ct22d...
CVE-2024-43687
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2022-43687
Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
Exploit Title: Microchip TimeProvider 4100 Grandmaster Banner Config Modules 2.4.6 - Stored Cross-Site Scripting XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of...
CVE-2024-43687
creationtimestamp| type| source ---|---|--- 2024-10-04 22:43:37+00:00| seen| https://t.me/cvedetector/7019...
CVE-2024-43687 XSS vulnerability in bannerconfig endpoint in TimeProvider 4100
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43687 XSS vulnerability in bannerconfig endpoint in TimeProvider 4100
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2022-43687
creationtimestamp| type| source ---|---|--- 2022-11-16 07:54:56+00:00| seen| https://t.me/cibsecurity/53000...
CVE-2022-43687
Concrete CMS (formerly concrete5) vulnerability CVE-2022-43687 affects versions below 8.5.10 and 9.0.0–9.1.2, where the OAuth authentication flow does not issue a new session ID after successful login. This insecure session management could allow session fixation-like scenarios as described in mu...
CVE-2021-43687
creationtimestamp| type| source ---|---|--- 2021-12-01 18:40:09+00:00| seen| https://t.me/cibsecurity/33212...
CVE-2021-43687
chamilo-lms v1.11.14 is affected by a Cross Site Scripting XSS vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie...
CVE-2021-43687
CVE-2021-43687 affects Chamilo LMS v1.11.14 with a Cross-Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php when a message hex2bin is placed in the cookie. The issue is web‑accessible and, per the cited sources, allows script execution within the victim’s browser. Public details in...
Chamilo LMS < 1.11.16 Multiple Vulnerabilities
Chamilo LMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:chamilo:chamilolms"; if...