2068 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters...
CVE-2023-43341
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the uid parameter...
Evolution CMS Cross-Site Scripting Vulnerability
Evolution CMS is an open source PHP-based content management system (CMS). Evolution CMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the uid parameter, which can be exploited by an attacker to execute...
Evolution CMS Cross-Site Scripting Vulnerability
Evolution CMS is an open source PHP-based content management system (CMS). A security vulnerability exists in Evolution CMS version v.3.2.3, which stems from a cross-site scripting (XSS) vulnerability in several parameters such as cmsadmin, cmsadminmail, and others...
CVE-2023-43340
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters...
PT-2023-28789 · Evolution · Evolution
Name of the Vulnerable Software and Affected Versions: evolution version 3.2.3. Description: A cross-site scripting (XSS) issue allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword, and cmspasswordconfim parameters. This enabl...
PT-2023-28790 · Unknown · Evolution Evo
Name of the Vulnerable Software and Affected Versions: evolution evo version 3.2.3. Description: A cross-site scripting (XSS) issue allows a local attacker to execute arbitrary code via a crafted payload injected into the uid parameter. This enables the attacker to perform unauthorized actions on the system...
CVE-2023-43340
Evolution CMS 3.2.3 is affected by a Cross-site Scripting (XSS) vulnerability that allows a local attacker to execute arbitrary code by injecting a crafted payload into the parameters: cmsadmin, cmsadminemail, cmspassword, and cmspasswordconfim. Multiple sources (including Red Hat, Veracode, GHSA...
CVE-2023-43341
CVE-2023-43341 affects Evolution CMS – Evolution evo 3.2.3. The connected documents describe a Cross-Site Scripting (XSS) vulnerability where a crafted payload injected into the uid parameter allows a local attacker to execute arbitrary code on the affected system. The issue is consistently repor...
Juniper Networks Junos and Junos EVO Buffer Error Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos and Junos EVO, which is caused by a stack-based buffer overflow...
Oracle Linux 8 : evolution (ELSA-2019-3699)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3699 advisory. - Add patch related to evolution-ews CVE-2019-3890 RH bug 1696763 evolution-ews Tenable has extracted the preceding description block directly from the Oracle...
Oracle Linux 8 : evolution (ELSA-2020-1600)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1600 advisory. - Update patch for RH bug 1764563 CVE-2018-15587: Reposition signature bar - Add patch for RH bug 1764563 CVE-2018-15587: Reposition signature bar Tenable has...
Oracle Linux 7 : evolution (ELSA-2020-1080)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1080 advisory. - Update patch for RH bug 1686408 CVE-2018-15587: Reposition signature bar - Add patch for RH bug 1686408 CVE-2018-15587: Reposition signature bar - Ad...
Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat
Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat By Trellix Advanced Research Center · August 28, 2023 Introduction Ransomware, a malicious software that encrypts valuable data and demands a ransom for its release, has a notorious history marked by its evolution fro...
The code uses block.timestamp for calculating the duration of the curve evolution which can be manipulated by miners
Lines of code L72 Vulnerability details Impact block.timestamp is used to set the initial time tinit and the final time tfinal for the curve's evolution - the duration over which these prices change tinit, tfinal. The potential issue here is that block.timestamp can be manipulated by miners to a...