Cups Easy cross-site scripting vulnerability (CNVD-2024-13105)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from a failure to adequately escape the description parameter on the /cupseasylive/taxstructurelist.php page. An...

Cups Easy cross-site scripting vulnerability (CNVD-2024-11138)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. A cross-site scripting vulnerability exists in Cups Easy version 1.0, which stems from insufficient escaping of the grnno parameter on the /cupseasylive/grnprint.php page. An attacker coul...

Cups Easy cross-site scripting vulnerability (CNVD-2024-11124)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability due to the companymodify.php script improperly validating user-supplied input. An attacker could use this vulnerability to steal...

Security Bulletin: A vulnerability in the GSKit component of Content Manager Enterprise Edition (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of Content Manager Enterprise Edition. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Grafana (CVE-2023-1410)

Summary Grafana is used by IBM Storage Ceph as a monitoring dashboard. CVE-2023-1410 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID: CVE-2023-1410 DESCRIPTION: Grafana is vulnerable to cross-site scripting, caused by improper...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross Site Scripting') in Bootstrap (CVE-2018-14041)

Summary Bootstrap is used by IBM Storage Ceph as a CSS framework. CVE-2018-14041 This bulletin identifies the steps to take to address the vulnerability in Bootstrap. Vulnerability Details CVEID: CVE-2018-14041 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper...

CVE-2023-51741

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web...

CVE-2023-51740

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web...

CVE-2023-51741 Cleartext Submission of Password vulnerability in Skyworth Router

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web...

CVE-2023-51741 Cleartext Submission of Password vulnerability in Skyworth Router

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web...

CVE-2023-51740 Cleartext Submission of Password vulnerability in Skyworth Router

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web...

CVE-2023-51740 Cleartext Submission of Password vulnerability in Skyworth Router

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web...

CVE-2024-0056

A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM adversary-in-the-middle attack between the SQL client and the SQL server. This may allow the attacker to stea...

CVE-2023-5879 Aladdin Connect Android Application Insecure Storage

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 and below on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication...

CVE-2023-5879

CVE-2023-5879: In Genie Aladdin Connect Android app (versions 5.65 Build 2075 and earlier), authentication data was stored in clear text in the app’s local storage, enabling recovery of credentials if the device is compromised. Root cause: insecure storage of sensitive data within the Android app...

CVE-2023-50727

A cross-site scripting flaw was found in Resque due to improper validation of user-supplied input by the Queue Endpoint. This issue could allow a remote authenticated attacker to use a specially crafted URL to execute script in a victim's web browser within the security context of the hosting web...

CVE-2023-4486 Uncontrolled Resource Consumption in Metasys and Facility Explorer

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...

CVE-2023-28017

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...

Cross site scripting

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...

CVE-2023-28017 HCL Connections is vulnerable to cross-site scripting

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...