40 matches found
Microweber Cross-Site Scripting Vulnerability
Microweber is an online store management system with drag-and-drop functionality, developed by the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 2.0, which...
Schneider Electric IGSS
1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: low attack complexity; Vendor: Schneider Electric; Equipment: IGSS (Interactive Graphical SCADA System); Vulnerability: Deserialization of Untrusted Data. 2. RISK EVALUATION: Successful exploitation of this vulnerability may allow arbitrary code...
CVE-2023-3001
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file...
CVE-2023-3001
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file...
CVE-2023-3001
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file...
PT-2023-3139 · Schneider Electric · Igss
Name of the Vulnerable Software and Affected Versions: Schneider Electric IGSS (affected versions not specified). Description: A Deserialization of Untrusted Data issue exists in the Dashboard module, potentially leading to remote code execution when an attacker gets the user to open a malicious fil...
Stored XSS in the module named "Dashboard"
Description: I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept: link video PoC https://drive.google.com/file/d/19lzyLY20fn0WdgRxsIrIRSfkrq36j7s5/view?usp=sharing Steps: 1. Log in as administrator...
CVE-2023-27978
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data...
CVE-2023-27978
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data...
Cross site scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edit privileges can create a payload in the reporting dashboard module. An admin user can observe the payload...
CVE-2022-45437 Stored cross-site scripting vulnerability in the reporting dashboard module
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edit privileges can create a payload in the reporting dashboard module. An admin user can observe the payload...
CVE-2020-26249
Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserve...
Huawei SmartCare dashboard module cross-site scripting vulnerability
Huawei SmartCare is an end-to-end user perception enhancement and assurance solution from Huawei, China, for improving customer experience in the telecom sector. The dashboard module is one of its dashboard modules. A cross-site scripting vulnerability exists in the dashboard module in Huawei...
CVE-2017-15312
Huawei SmartCare V200R003C10 has a stored cross-site scripting (XSS) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device...
Cross site scripting
Huawei SmartCare V200R003C10 has a stored cross-site scripting (XSS) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device...
CVE-2017-15312
Huawei SmartCare V200R003C10 is affected by a stored XSS vulnerability in the dashboard module. A remote authenticated attacker could inject malicious scripts into the affected device via the dashboard, enabling script execution in the user’s browser. The issue is documented across multiple recor...
CVE-2017-9366
Telaxus EPESI 1.8.2 and earlier is affected by a Stored XSS in modules/Base/Dashboard/Dashboard_0.php via a crafted tab_name parameter. Affected product: EPESI (Polish open-source CRM) versions up to 1.8.2.1. Root cause: input in tab_name not properly sanitized, enabling injection of arbitrary sc...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activitymode parameter in a DetailView action, (3) contactid and (4) parentid parameters in an...
CVE-2011-4670
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activitymode parameter in a DetailView action, (3) contactid and (4) parentid parameters in an...
SA-CONTRIB-2010-076 - Dashboard - Cross Site Scripting (CSS)
The dashboard module allows users to create a personalized set of pages of widgets created from existing blocks and nodes like iGoogle. The module does not escape user generated names for tags & titles associated with default widgets that are added to a user dashboard page, leading to a Cross Sit...