56 matches found
CVE-2023-49293 Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite
Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transforme...
How to add custom app icon in Android Play Store applications
...
Stripe: XSS vulnerability without a content security bypass in a `CUSTOM` App through Button tag
A possible XSS vulnerability was discovered in a CUSTOM app through the Button tag, without being able to bypass a content security policy. An attacker could exploit this vulnerability to execute malicious code on the affected website...
Unable to use managed-app-utility.jar from MAM-SDK with Java 11
Building a custom app using Java 11 or later, the gradle build chain fails when invoking the final stage "task generateMdx" as the jar file for this stage requiresJava 1.7/1.8 Java/JDK 8...
CVE-2022-29891
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...
CVE-2022-29891
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...
CVE-2022-29891
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...
Authentication flaw
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...
CVE-2022-29891
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...
PT-2022-19897 · Cybozu · Cybozu Office
Name of the Vulnerable Software and Affected Versions: Cybozu Office versions 10.0.0 through 10.8.5 Description: A browse restriction bypass issue in the Custom App of Cybozu Office allows a remote authenticated attacker to obtain Custom App data via unspecified vectors. Recommendations: For Cybo...
Multiple vulnerabilities in Cybozu Office
Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-839CyVDB-2300CyVDB-3109 Browse restriction bypass vulnerability in Cabinet CWE-284 - CVE-2022-32283 CyVDB-1795 Operation restriction bypass vulnerability in Project CWE-285 - CVE-2022-32544...
Shopify: User with no Develop apps permission can Uninstall Custom App
Hi, You know user must have Develop apps permission to Uninstall Develop apps to test this just create staff with Manage and install apps and channels F1601504 send this mutation just change appId by your id...
CVE-2021-20634
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors...
CVE-2021-20631
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors...
Input validation
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors...
Improper access control
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors...
CVE-2021-20631
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors...
CVE-2021-20631
CVE-2021-20631 is an improper input validation vulnerability in Cybozu Office, affecting version 10.0.0 to 10.8.4, specifically in the Custom App component. The issue allows an authenticated attacker to alter data within the Custom App via unspecified vectors. The public references (e.g., Cybozu/...
Multiple vulnerabilities in Cybozu Office
Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657 Operational restrictions bypass vulnerability in Scheduler CWE-264 - CVE-2021-20624 CyVDB-1727 Operational restrictions bypass vulnerability in Bulletin Board CWE-264 - CVE-2021-20625...
The vulnerability of the Universal Plug and Play (UPnP) service in Windows operating systems allows attackers to enhance their privileges.
The vulnerability of the Universal Plug and Play UPnP service in Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application or a specially created script...