18 matches found
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...
EUVD-2018-7084
Malware in sbrugna...
EUVD-2018-7085
Malware in sbrugna...
EUVD-2018-7086
Malware in sbrugna...
EUVD-2022-38440
Malicious code in bioql PyPI...
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...
CVE-2022-35554
CVE-2022-35554 affects BPC SmartVista v3.28.0. The issue is reflected XSS in error message handling that allows a remote attacker to execute JavaScript in the client browser. CVSSv3.1 base score 6.1 (Network, Low attack complexity, User interaction required, Confidentiality/Integrity impact Low)....
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...
BPC SmartVista Cross-Site Scripting Vulnerability
BPC SmartVista is an end-to-end solution for electronic payment systems. A security vulnerability exists in BPC SmartVista version 3.28.0, which stems from its handling of error messages and allows an attacker to execute javascript code on the client side...
CVE-2018-15208
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter...
CVE-2018-15206
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf...
Session fixation
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter...
Improper access control
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin...
CVE-2018-15208
The CVE-2018-15208 entry concerns BPC SmartVista 2, where a Session Fixation vulnerability exists via the JSESSIONID parameter. According to the NVD record, the vulnerability has a CVSS v3 base score of 7.5 (HIGH) with NETWORK attack vector, HIGH attack complexity, no privileges required, user in...
CVE-2018-15207
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin...
CVE-2018-15207
The CVE-2018-15207 entry concerns BPC SmartVista 2, specifically the SVFE module. Affected component: SVFE2/pages/finadmin/currconvrate/currconvrate.jsf. Root cause: Improper access control that allows a normal user to access functionality intended for admins. Impact stated in CVSS metrics is hig...
CVE-2018-15206
CVE-2018-15206 affects BPC SmartVista 2 with a CSRF flaw exposed at SVFE2/pages/admpages/roles/createrole.jsf. CVSSv3 indicates HIGH impact (8.8) with network attack, low complexity, no privileges, but requires user interaction; confidentiality, integrity, and availability are rated HIGH. No reme...