Lucene search
K

56 matches found

Vulnrichment
Vulnrichment
added 2023/12/04 11:3 p.m.9 views

CVE-2023-49293 Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite

Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transforme...

6.1CVSS6.9AI score0.00997EPSS
Exploits1References1
Citrix
Citrix
added 2023/09/01 12:0 a.m.7 views

How to add custom app icon in Android Play Store applications

...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2023/01/05 10:56 a.m.21 views

Stripe: XSS vulnerability without a content security bypass in a `CUSTOM` App through Button tag

A possible XSS vulnerability was discovered in a CUSTOM app through the Button tag, without being able to bypass a content security policy. An attacker could exploit this vulnerability to execute malicious code on the affected website...

6.6AI score
Exploits0
Citrix
Citrix
added 2022/08/31 12:0 a.m.7 views

Unable to use managed-app-utility.jar from MAM-SDK with Java 11

Building a custom app using Java 11 or later, the gradle build chain fails when invoking the final stage "task generateMdx" as the jar file for this stage requiresJava 1.7/1.8 Java/JDK 8...

7.2AI score
Exploits0
OSV
OSV
added 2022/08/18 8:15 a.m.5 views

CVE-2022-29891

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...

4.3CVSS5.9AI score0.00728EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/18 8:15 a.m.3 views

CVE-2022-29891

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...

4.3CVSS6AI score0.00728EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/08/18 8:15 a.m.25 views

CVE-2022-29891

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...

4.3CVSS0.00728EPSS
Exploits0References2
Prion
Prion
added 2022/08/18 8:15 a.m.12 views

Authentication flaw

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...

4CVSS4.5AI score0.00728EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/18 7:11 a.m.26 views

CVE-2022-29891

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...

5AI score0.00728EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/18 12:0 a.m.3 views

PT-2022-19897 · Cybozu · Cybozu Office

Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.5 Description: A browse restriction bypass issue in the Custom App of Cybozu Office allows a remote authenticated attacker to obtain Custom App data via unspecified vectors. Recommendations: For Cybo...

4.3CVSS4.3AI score0.00728EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/20 8:28 a.m.4 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-839CyVDB-2300CyVDB-3109 Browse restriction bypass vulnerability in Cabinet CWE-284 - CVE-2022-32283 CyVDB-1795 Operation restriction bypass vulnerability in Project CWE-285 - CVE-2022-32544...

6.5CVSS7AI score0.00759EPSS
Exploits0References30
Hacker One
Hacker One
added 2022/02/01 2:42 p.m.14 views

Shopify: User with no Develop apps permission can Uninstall Custom App

Hi, You know user must have Develop apps permission to Uninstall Develop apps to test this just create staff with Manage and install apps and channels F1601504 send this mutation just change appId by your id...

0.9AI score
Exploits0
OSV
OSV
added 2021/03/18 1:15 a.m.0 views

CVE-2021-20634

Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors...

4.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2021/03/18 1:15 a.m.4 views

CVE-2021-20631

Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors...

6.5CVSS5.8AI score0.00743EPSS
Exploits0References2
Prion
Prion
added 2021/03/18 1:15 a.m.16 views

Input validation

Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors...

4CVSS6.2AI score0.00743EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/03/18 1:15 a.m.13 views

Improper access control

Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors...

4CVSS4.8AI score0.00722EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/18 12:56 a.m.14 views

CVE-2021-20631

Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors...

6.4AI score0.00743EPSS
Exploits0References2
CVE
CVE
added 2021/03/18 12:56 a.m.90 views

CVE-2021-20631

CVE-2021-20631 is an improper input validation vulnerability in Cybozu Office, affecting version 10.0.0 to 10.8.4, specifically in the Custom App component. The issue allows an authenticated attacker to alter data within the Custom App via unspecified vectors. The public references (e.g., Cybozu/...

6.5CVSS6.2AI score0.00743EPSS
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/15 6:56 a.m.4 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657 Operational restrictions bypass vulnerability in Scheduler CWE-264 - CVE-2021-20624 CyVDB-1727 Operational restrictions bypass vulnerability in Bulletin Board CWE-264 - CVE-2021-20625...

6.5CVSS6.6AI score0.0081EPSS
Exploits0References29
BDU FSTEC
BDU FSTEC
added 2020/03/25 12:0 a.m.3 views

The vulnerability of the Universal Plug and Play (UPnP) service in Windows operating systems allows attackers to enhance their privileges.

The vulnerability of the Universal Plug and Play UPnP service in Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application or a specially created script...

7.8CVSS7.1AI score0.00922EPSS
Exploits0References2
Rows per page
Query Builder