23 matches found
CVE-2025-62326 HCL Digital Experience is susceptible to stored cross-site scripting (XSS)
HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit...
EUVD-2025-25205
Malicious code in bioql PyPI...
CVE-2025-31988
HCL Digital Experience is susceptible to cross-site scripting (XSS) in an administrative UI with restricted access...
CVE-2025-31988 HCL Digital Experience is susceptible to cross site scripting (XSS)
HCL Digital Experience is susceptible to cross-site scripting (XSS) in an administrative UI with restricted access...
CVE-2025-49081
There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse...
CVE-2022-46166 Spring Boot Admin's integrated notifier support allows arbitrary code execution
Spring Boot Admin is an open source administrative user interface for management of Spring Boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI, are affected. Users are advised to upgrade to th...
CVE-2020-19586
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI...
CVE-2021-38701
Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180...
CVE-2019-7393
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases...
Privilege escalation
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where a...
Authentication flaw
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases...
CVE-2018-6677 McAfee Web Gateway (MWG) - Directory Traversal vulnerability
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors...
CVE-2018-6677
Affected product: McAfee Web Gateway (MWG) 7.8.1.x. Vulnerability: Directory Traversal in the administrative user interface that enables authenticated administrator users to gain elevated privileges via unspecified vectors. The core impact is privilege escalation within MWG. What is vulnerable ...
CVE-2018-6667 McAfee Web Gateway - Authentication Bypass vulnerability
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX)...
CVE-2016-4791
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server-side request forgery (SSRF) attacks via unspecified vectors...
CVE-2016-4790
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2016-4789
Pulse Connect Secure (PCS) has an XSS vulnerability in the system configuration section of the administrative UI. Affected versions are 7.4 through 7.4r13.3, 8.0 through 8.0r8, 8.1 through 8.1r1, and 8.2 through 8.2r0. The issue allows remote attackers to inject arbitrary script/HTML via unspecif...
CVE-2016-4789
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified...