13 matches found
CVE-2020-23957
Pega Platform through 8.4.x is affected by Cross Site Scripting XSS via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI...
EUVD-2020-16694
Malware in sbrugna...
Pegasystem Pega Platform Cross-Site Scripting Vulnerability (CNVD-2021-28267)
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real Time Decision Making and CRM Customer Relationship Management. A cross-site scripting vulnerability...
CVE-2020-23957
Pega Platform through 8.4.x is affected by Cross Site Scripting XSS via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI...
CVE-2020-23957
Pega Platform through 8.4.x is affected by Cross Site Scripting XSS via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI...
Cross site scripting
Pega Platform through 8.4.x is affected by Cross Site Scripting XSS via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI...
CVE-2020-23957
CVE-2020-23957 affects Pegasystem Pega Platform up to version 8.4.x. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via the ConnectionID parameter, demonstrated by a request such as pyActivity=Data-TRACERSettings.pzStartTracerSession to a PRAuth URI. The provided connected doc...
Pega Platform through 跨站脚本漏洞
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real Time Decision Making and CRM Customer Relationship Management. A cross-site scripting vulnerability...
CVE-2015-8249
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter...
Authorization
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter...
Sql injection
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with 1 statprt/js/request or 2 dyn/js/request in the PATHINFO...
CVE-2008-0385
Urulu 2.1 contains a SQL injection in the connectionId parameter of index.php via PATH_INFO (statprt/js/request or dyn/js/request). The vulnerability allows remote attackers to extract data from the database, with potential for arbitrary code execution if the database user has FILE privileges (e....
CVE-2008-0385
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with 1 statprt/js/request or 2 dyn/js/request in the PATHINFO...