124 matches found
CVE-2023-30093
CVE-2023-30093 is a cross-site scripting (XSS) vulnerability affecting Open Networking Foundation ONOS, from version v1.9.0 through v2.7.0. The issue enables execution of arbitrary web scripts/HTML via a crafted payload injected into the url parameter of the API documentation dashboard. The provi...
CVE-2023-30093
A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
PT-2023-22535 · Open Networking Foundation · Onos
Name of the Vulnerable Software and Affected Versions: Open Networking Foundation ONOS versions 1.9.0 through 2.7.0 Description: A cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter or...
CVE-2023-30093
A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
jeecg-boot vulnerable to improper authentication
A vulnerability was found in jeecg-boot 3.5.0 that affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication because the software does not prove or insufficiently proves that an identity claim is correct when an actor claims to have a...
GHSA-6RFV-H5V8-CJ7G jeecg-boot vulnerable to improper authentication
A vulnerability was found in jeecg-boot 3.5.0 that affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication because the software does not prove or insufficiently proves that an identity claim is correct when an actor claims to have a...
CVE-2023-1784
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
Authentication flaw
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2023-1784 jeecg-boot API Documentation improper authentication
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2023-1784
CVE-2023-1784 (jeecg-boot 3.5.0) is described across multiple connected sources as a critical issue involving improper authentication in the API Documentation processing. The root cause is not fully detailed in the provided documents, but the vulnerability enables remote exploitation and is assoc...
CVE-2023-24279
A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
Cross site scripting
A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
CVE-2023-24279
A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
CVE-2023-24279
A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
PT-2023-15695 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0 through 2.0.0p29 Checkmk versions 2.1.0 through 2.1.0p13 Description: The issue is related to the lack of authorization controls in the RestAPI documentation for Checkmk, which may lead to unintended information...
Authorization
mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to stea...
CVE-2022-39258 mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI
mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to stea...
Security Bulletin: IBM Sterling Order Management - Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...
Security Bulletin: TADDM Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...
Security Bulletin: Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Abstract Java API Documentation shipped in IBM Tivoli Storage Manager TSM 6.1, 6.2, and 6.3 Windows client packages contains a frame injection vulnerability Content VULNERABILITY DETAILS: The TSM 6.1 Windows client packages and some TSM 6.2 and 6.3 Windows client packages contain documentation...