25 matches found
EUVD-2020-7117
Malware in sbrugna...
EUVD-2020-7119
Malware in sbrugna...
EUVD-2020-7118
Malware in sbrugna...
CVE-2020-14989
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...
CVE-2020-14987
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
Malicious code in latam-xp-analytics-plugin-bloomreach (npm)
Source: ghsa-malware 46687ff096af514b5081dc4a34a83f209ca1ad61f07606c88537ffc54f3054ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2020-14989
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...
CVE-2020-14989
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
Design/Logic Flaw
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
Cross-site request forgery (CSRF)
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...
CVE-2020-14987
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...
CVE-2020-14987
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...
Code injection
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...
CVE-2020-14989
CVE-2020-14989 affects Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. The vulnerability is a cross-site request forgery (CSRF) flaw that occurs when an attacker tricks a user into issuing requests via GET where POST was intended. Impact details in the sources indicate potential integr...
CVE-2020-14989
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...
CVE-2020-14988
Vulnerability: Bloomreach Experience Manager (brXM) 4.1.0–14.2.2. Affected component/script areas expose XSS via: login page (loginmessage), rich text editor (src attributes in HTML), translations menu (foldername), author page (link URL), and image upload with an SVG containing JavaScript. Root c...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
CVE-2020-14987
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...