CVE-2021-33347
An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the admin backend by means of a weak password, a stored XSS vulnerability can occur...
JPress Cross-Site Scripting Vulnerability
JPress is a blogging platform developed in Java by the JPress team. A cross-site scripting vulnerability exists in JPress v3.3.0 and below, which originates from the template module and tag management module...
CMSWing Cross-Site Scripting Vulnerability
CMSWing is an e-commerce platform and CMS building system based on ThinkJS and MySQL. A cross-site scripting vulnerability exists in CmsWing version 1.3.7, which stems from a vulnerability that is triggered when an administrator accesses the content management module. No detailed vulnerability...
CVE-2020-24992
There is a cross-site scripting vulnerability in CmsWing 1.3.7. This stored XSS vulnerability is triggered when an administrator accesses the content management module...
Cross site scripting
There is a cross-site scripting vulnerability in CmsWing 1.3.7. This stored XSS vulnerability is triggered when an administrator accesses the content management module...
CMSWing Cross-Site Scripting Vulnerability
CMSWing is an e-commerce platform and CMS building system based on ThinkJS and MySQL. A cross-site scripting vulnerability exists in CmsWing version 1.3.7, which stems from a vulnerability that is triggered when an administrator accesses the content management module. No detailed vulnerability...
CVE-2021-23009
On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data...
CVE-2021-27437
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM versions prior to...
F5 BIG-IP Code Injection Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A code injection vulnerability exists in BIG-IP, which is caused by improper resource management within TMM. The following...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in Libxml2
Summary: IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in Libxml2. Vulnerability Details: CVEID: CVE-2020-7595. DESCRIPTION: The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An...
F5 BIG-IP SSL Communication Handling Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing. A security vulnerability exists in the processing of F5 BIG-IP SSL communications, which can be exploited by remote attackers to submit a special request...
CVE-2020-8340
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code t...
The vulnerability of the Data Management Module (DME) of the Cisco NX-OS network operating system, which allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the Data Management Module (DME) of the Cisco NX-OS network operating system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures...
F5 BIG-IP UDP Request Denial of Service Vulnerability
The F5 BIG-IP is an F5 load balancing device. A security vulnerability exists in the F5 BIG-IP's handling of UDP protocol data, which can be exploited by a remote attacker to submit a special request that can cause the TMM to reboot, resulting in a denial-of-service attack...
CVE-2020-6871
The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects:...
Command Execution Vulnerability in SSH of UPS Management Module at VitiTech Ltd.
VitiTech is an uninterruptible power supply, automation control equipment and industrial battery company. A command execution vulnerability exists in SSH, the UPS management module of Verti Technologies Ltd. The vulnerability can be exploited to remotely execute system shell commands bypassing...
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by multiple vulnerabilities in libssh2
Summary: The following vulnerabilities in libssh2 have been addressed by IBM Integrated Management Module II (IMM2). Vulnerability Details: CVEID: CVE-2019-3857. DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a...
CVE-2020-1117
A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory, aka 'Microsoft Color Management Remote Code Execution Vulnerability'...
CVE-2020-1117
CVE-2020-1117 affects the Color Management Module in Windows (ICM32.dll). FireEye’s analysis documents a heap-based overflow in icm32 occurring during InitNamedColorProfileData while parsing the ‘ncl2’ color-profile element, due to using an incorrect offset (0x51) for verification and advancing t...