8 matches found
PT-2025-51941
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.0.0. Description: The application inadequately sanitizes or encodes user-supplied HTML/JS, leading to stored cross-site scripting (XSS). This allows an attacker to execute JavaScript in the browsers of other users...
CVE-2020-11846
A vulnerability was found in OpenText Privileged Access Manager, which issues a token. On successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1...
IBM Planning Analytics Security Vulnerability
IBM Planning Analytics, a planning, budgeting, forecasting and analysis solution, is vulnerable to an information disclosure in IBM Planning Analytics version 2.0. The vulnerability stems from the HTTPOnly flag not being set. A remote attacker could use this vulnerability to obtain sensitive...
XSS Vulnerability in WeiPHP of Shenzhen Yuanmeng Cloud Technology Co. Ltd (CNVD-2020-28790)
WeiPHP is an open source WeChat public platform development framework for building a personal WeChat public account operation platform. An XSS vulnerability exists in Shenzhen Yuanmeng Yun Technology Co., Ltd's WeiPHP; attackers can use the vulnerability without logging in by inserting malicious j...
74cms v4.2.111 XSS vulnerability in enterprise posting jobs page
Knight Talent System (74cms) is a free, open source professional recruitment system built on PHP and MySQL. It was officially launched in 2009 by Taiyuan Xunyi Technology Co., Ltd. The enterprise job-posting page in 74cms v4.2.111 has XSS vulnerabilities; attackers can...
Reflected Cross-Site Scripting Vulnerability in ZZCMS Version 8.2
zzcms is a free website builder developed in the ASP language. A reflected cross-site scripting vulnerability exists in the step6.php file in version 8.2 of zzcms, which allows an attacker to construct an XSS statement, perform a pop-up box operation, and obtain information such as a user's cookie...
Multiple Blue Coat Systems SSL Visibility Appliance Product Sensitive Information Vulnerabilities
Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, which are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...
OpenJDK Proxy mechanism information leaks (6801071)
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions...