1306 matches found
Proofpoint Insider Threat Management Cross-Site Scripting Vulnerability
Proofpoint Insider Threat Management (Proofpoint ITM) is an insider threat management system from Proofpoint Corporation. A cross-site scripting vulnerability exists in Proofpoint Insider Threat Management versions prior to 7.14.3.69, which stems from the presence of a Reflected Cross-Site Scriptin...
CVE-2023-4843
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user...
GHSA-4G27-Q2W9-M8M8 Magento affected by remote code execution vulnerability in the CMS page scheduled update feature
Magento versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code...
GHSA-WQR6-WV6C-P8FX Magento improper access control vulnerability within Magento's Media Gallery Upload workflow
Magento versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privile...
CVE-2023-4588
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...
CVE-2023-25044
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Sumo Social Share Boost plugin = 4.4 versions...
CVE-2023-24401
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Davidsword Mobile Call Now & Map Buttons plugin = 1.5.0 versions...
VMware Aria Operations Path Traversal Vulnerability
VMware Aria Operations is a unified, artificial intelligence-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware. Aria Operations for Networks contains a security vulnerability that originated from an arbitrary file write...
PT-2023-8507 · Qnap · Quts Hero +2
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.4.2596 build 20231128; QuTS hero versions prior to h5.1.4.2596 build 20231128; QuTScloud versions prior to c5.1.5.2651. Description: A buffer copy without checking the size of input vulnerability has been reported to...
CVE-2023-32497
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Supersoju Block Referer Spam plugin = 1.1.9.4 versions...
CVE-2023-32130
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Daniel Powney Multi Rating plugin = 5.0.6 versions...
ELECOM LAN-WH300N/RE Security Vulnerability
ELECOM lan is a router from ELECOM Japan. A security vulnerability exists in the LAN-WH300N/RE that originates from an unknown feature of the device that allows an authenticated user to execute arbitrary operating system commands from an administrative console...
Proself Operating System Command Injection Vulnerability
Proself is an application from Proself, Inc. A security vulnerability exists in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier that originates from a vulnerability that allows a remote...
PT-2023-4520 · Cisco · Cisco Intersight Private Virtual Appliance
Name of the Vulnerable Software and Affected Versions: Cisco Intersight Private Virtual Appliance (affected versions not specified). Description: The issue is due to insufficient input validation when extracting uploaded software packages, allowing an authenticated, remote attacker with Administrato...
CVE-2023-24389
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in brandiD Social Proof Testimonial Slider plugin = 2.2.3 versions...
CVE-2023-23903
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application is rendered unusable until a console intervention...
CVE-2023-23903
CVE-2023-23903 affects Nozomi Guardian/CMC (before v22.6.2). An authenticated administrator can upload a SAML configuration file with the wrong format, and the application does not validate the correct file format. This causes a Denial of Service where every subsequent request renders the applica...
CVE-2023-37857
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to...
CVE-2023-23829
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pierre JEHAN Owl Carousel plugin = 0.5.3 versions...
CVE-2023-3569
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service...