20 matches found
EUVD-2020-7118
Malware in sbrugna...
EUVD-2020-7117
Malware in sbrugna...
EUVD-2020-7119
Malware in sbrugna...
CVE-2020-14989
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...
CVE-2020-14987
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
CVE-2020-14989
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...
Cross site request forgery (csrf)
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...
Design/Logic Flaw
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
CVE-2020-14987
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...
Code injection
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...
CVE-2020-14989
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...
CVE-2020-14989
CVE-2020-14989 affects Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. The vulnerability is a cross-site request forgery (CSRF) flaw that occurs when an attacker tricks a user into issuing requests via GET where POST was intended. Impact details in the sources indicate potential integr...
CVE-2020-14988
Vulnerability: Bloomreach Experience Manager (brXM) 4.1.0–14.2.2. Affected component/script areas expose XSS via: loginpage (loginmessage), rich text editor (src attributes in HTML), translations menu (foldername), author page (link URL), and image upload with an SVG containing JavaScript. Root c...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
CVE-2020-14987
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...
CVE-2020-14987
CVE-2020-14987 affects Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. The issue arises from mishandling of the capability for administrators to write and run Groovy scripts within the updater editor, enabling remote code execution if an attacker can leverage an AST transforming annota...
Bloomreach Experience Manager 跨站脚本漏洞
Bloomreach Experience Manager is an application from Bloomreach USA. which provides AI-driven search and merchandising tools. A cross-site scripting vulnerability exists in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2, which stems from the loginmessage parameter allowing XSS in the log...
Bloomreach Experience Manager 安全漏洞
Bloomreach Experience Manager is an application from Bloomreach USA. which provides AI-driven search and merchandising tools. A security vulnerability exists in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2, which originates from a vulnerability that could allow a remote attacker to...