18 matches found
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...
EUVD-2018-7084
Malware in sbrugna...
EUVD-2018-7085
Malware in sbrugna...
EUVD-2018-7086
Malware in sbrugna...
EUVD-2022-38440
Malicious code in bioql PyPI...
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...
CVE-2022-35554
CVE-2022-35554 affects BPC SmartVista v3.28.0. The issue is reflected XSS in error message handling that allows a remote attacker to execute JavaScript in the client browser. CVSSv3.1 base score 6.1 (Network, Low attack complexity, User interaction required, Confidentiality/Integrity impact Low)....
BPC SmartVista Cross-Site Scripting Vulnerability
BPC SmartVista is an end-to-end solution for electronic payment systems. A security vulnerability exists in BPC SmartVista version 3.28.0, which stems from its handling of error messages and allows an attacker to execute javascript code on the client side...
CVE-2018-15206
BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf...
CVE-2018-15208
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter...
Session fixation
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter...
Improper access control
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin...
CVE-2018-15208
The CVE-2018-15208 entry concerns BPC SmartVista 2, where a Session Fixation vulnerability exists via the JSESSIONID parameter. According to the NVD record, the vulnerability has a CVSS v3 base score of 7.5 (HIGH) with NETWORK attack vector, HIGH attack complexity, no privileges required, user in...
CVE-2018-15207
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin...
CVE-2018-15207
The CVE-2018-15207 entry concerns BPC SmartVista 2, specifically the SVFE module. Affected component: SVFE2/pages/finadmin/currconvrate/currconvrate.jsf. Root cause: Improper access control that allows a normal user to access functionality intended for admins. Impact stated in CVSS metrics is hig...
CVE-2018-15206
CVE-2018-15206 affects BPC SmartVista 2 with a CSRF flaw exposed at SVFE2/pages/admpages/roles/createrole.jsf. CVSSv3 indicates HIGH impact (8.8) with network attack, low complexity, no privileges, but requires user interaction; confidentiality, integrity, and availability are rated HIGH. No reme...