197 matches found
CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
DEBIAN-CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
CVE-2023-6186
CVE-2023-6186 affects LibreOffice. The vulnerability arises from insufficient macro permission validation, enabling certain built-in macros or internal commands to be executed when a user activates hyperlinks that target macros, without explicit user permission. Connected documents corroborate th...
CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
UBUNTU-CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
PT-2023-7595 · Document Foundation +10 · Libreoffice +10
Name of the Vulnerable Software and Affected Versions: LibreOffice affected versions not specified Description: The issue is related to insufficient macro permission validation, allowing an attacker to execute built-in macros without warning. In affected versions, LibreOffice supports hyperlinks...
pimcore/customer-management-framework-bundle Cross-site Scripting vulnerability in Segment name
Impact As HTML injection works in email an attacker can trick a victim to click on such hyperlinks to redirect him to any malicious site and also can host a XSS page. All this will surely cause some damage to the victim. This could lead to users being tricked into giving logins away to malicious...
GHSA-735F-W79P-282X pimcore/customer-management-framework-bundle Cross-site Scripting vulnerability in Segment name
Impact As HTML injection works in email an attacker can trick a victim to click on such hyperlinks to redirect him to any malicious site and also can host a XSS page. All this will surely cause some damage to the victim. This could lead to users being tricked into giving logins away to malicious...
GHSA-69VW-3PCM-84RW Jenkins Stored Cross-site Scripting vulnerability
Jenkins applies formatting to the console output of builds, transforming plain URLs into hyperlinks. Jenkins 2.415 and earlier, 2.414 and earlier, and LTS 2.401.2 and earlier does not sanitize or properly encode URLs of these hyperlinks in build logs. This results in a stored cross-site scripting...
CVE-2023-39151
Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...
Cross site scripting
Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...
PT-2023-26808 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.415 and earlier Jenkins LTS versions 2.401.2 and earlier Description: The issue is related to the transformation of URLs in build logs into hyperlinks, which are not properly sanitized or encoded. This results in a stored...
Jenkins 跨站脚本漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.415 and earlier, Jenkins LTS 2.401.2 and earlier, which stems from the fact...
FreeBSD : jenkins -- Stored XSS vulnerability (a0321b74-031d-485c-bb76-edd75256a6f0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a0321b74-031d-485c-bb76-edd75256a6f0 advisory. - Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build...
CVE-2022-46408
Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...
CVE-2022-46408
Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...
Ericsson Network Manager 安全漏洞
Ericsson Network Manager is a network manager from Ericsson, Sweden. It covers monitoring, troubleshooting, configuration, automation and optimization of networks. A security vulnerability exists in Ericsson Network Manager versions prior to 22.1, which stems from improperly neutralized formula...
CVE-2022-46408
Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...