11 matches found
CVE-2020-37192
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...
CVE-2020-37192 MSN Password Recovery 1.30 - XML External Entity Injection
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...
CVE-2020-37192 MSN Password Recovery 1.30 - XML External Entity Injection
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...
CVE-2020-37192
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...
CVE-2020-37192
MSN Password Recovery 1.30 is affected by an XML External Entity (XXE) vulnerability that allows a local attacker to read local system files by supplying crafted XML input. The attack targets the Favorites tab via XML references to external entities, exposing sensitive configuration information. ...
CVE-2022-34322
Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification me...
Cross site scripting
Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification me...
PT-2023-13357 · Sage · Sage Enterprise Intelligence
Name of the Vulnerable Software and Affected Versions: Sage Enterprise Intelligence version 2021 R1.1 Description: Multiple XSS issues were discovered that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerabl...
CVE-2022-34322
Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification me...
How to select by default Apps instead of Favorites tab on RfWebUI Theme
Unified Gateway ICA Proxy set to NO without Storefront will land on the Favorites page. Default: Goal:...
How to change default view on storefront website.
When we access Storefront site, the page directly lands to Favorites tab. How to change it?...