TYPO3 security vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Typo3 association in Switzerland. TYPO3 suffers from an access control error vulnerability that stems from a failure to properly encode user input. No detailed vulnerability details are currently available...
TYPO3 SQL injection vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Typo3 association in Switzerland. TYPO3 is vulnerable to a SQL injection vulnerability that stems from a failure to properly encode user input. No detailed vulnerability details are currently available...
Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
The extension fails to properly encode user input for output in HTML context CVE-2021-36785. Also the extension contains sensitive data API credentials and private key which should not have been published CVE-2021-36786. Finally the extension bundles several 3rd Party Components jQuery and...
TYPO3 information disclosure vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Typo3 association. TYPO3 has an information disclosure vulnerability that stems from a failure to properly encode user input, which could be exploited by an attacker to obtain sensitive data for API...
CVE-2021-27658
exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users...
CVE-2021-27659
exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users...
CVE-2021-33664
SAP NetWeaver Application Server ABAP Applications based on Web Dynpro ABAP, versions - SAPUI - 750,752,753,754,755, SAPBASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2021-33665
SAP NetWeaver Application Server ABAP Applications based on SAP GUI for HTML, versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
PT-2021-14556 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for ABAP Web Survey versions 700 through 75F Description: The issue arises from insufficient encoding of input and output parameters, leading to a reflected cross-site scripting vulnerability. This allows a malicious user to...
Plone cross-site scripting vulnerability (CNVD-2021-37279)
Plone is a foreign open source CMS system suitable for enterprise-level applications. A cross-site scripting vulnerability exists in the user full name attribute and file upload functionality in Plone CMS versions prior to 5.2.4. The vulnerability stems from user input that is not properly encode...
UBUNTU-CVE-2020-27823
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
SAP Commerce Cloud Cross-Site Scripting Vulnerability
SAP Commerce Cloud is a cloud-based e-commerce platform. A cross-site script execution vulnerability exists in SAP Commerce Cloud versions 1808, 1811, 1905, and 2005. The vulnerability stems from the program not properly encoding user input. An attacker could exploit this recording vulnerability ...
CVE-2020-6370
SAP NetWeaver Design Time Repository DTR, versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2020-6272
SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited,...
CVE-2020-6323
SAP NetWeaver Enterprise Portal Fiori Framework Page versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the...
Mail.ru: [delivery.city-mobil.ru] Stored XSS into support request comment
Stored XSS in the support request comment functionality on delivery.city-mobil.ru. A Citymobil corporate user could use the delivery.city-mobil.ru API for submitting data. This bypassed the input-encoding filters of corporate.city-mobil.ru, and a stored XSS appeared at corporate.city-mobil.ru...
CVE-2020-6283
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...
GHSA-MPJF-8CMF-P789 Cross-Site Scripting in jingo
Versions of jingo prior to 1.9.2 are vulnerable to Cross-Site Scripting XSS. If malicious input such as alert1 is placed in the content of a wiki page, Jingo does not properly encode the input and it is executed instead of rendered as text. Recommendation Upgrade to version 1.9.2...
SAP Process Integration PI Rest Adapter Cross-Site Scripting Vulnerability
SAP Process Integration is a middleware provided by SAP Germany that enables SAP to seamlessly integrate with non-SAP applications in the company or with systems external to the company. A cross-site scripting vulnerability exists in SAP Process Integration PI Rest Adapter. The vulnerability stem...
CVE-2020-6281
SAP Business Objects Business Intelligence Platform BI Launchpad, version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting...