CVE-2023-52269
MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...
PT-2023-31951 · Unknown · Mdaemon Securitygateway
Name of the Vulnerable Software and Affected Versions: MDaemon SecurityGateway versions through 9.0.3 Description: The issue allows domain administrators to conduct attacks against global administrators via a crafted Message Content Filtering rule, which enables XSS. Recommendations: For MDaemon...
Netcon NS-ASG SQL Injection Vulnerability
Netcon NS-ASG is an application security gateway from China Netcon Technology Netcon. A security vulnerability exists in Netcon NS-ASG version 6.3, which originates from some unknown functions in /protocol/firewall/addaddressinterpret.phpp that cause SQL injection via the parameter messagecontent...
PT-2023-32323 · Netentsec · Netentsec Ns-Asg Application Security Gateway
Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A critical issue was found in the Netentsec NS-ASG Application Security Gateway, affecting some unknown functionality of the file /protocol/firewall/uploadfirewall.php. Th...
Amazon Linux 2 : pki-core (ALAS-2023-2304)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2304 advisory. A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the...
CVE-2022-2393
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...
CVE-2020-18477
SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message concontent field...
CVE-2021-24535
The Light Messages WordPress plugin through 1.0 is lacking a CSRF check when updating its settings, and is not sanitising its Message Content in them even with unfiltered_html disallowed. As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a...
Light Messages <= 1.0 - CSRF to Stored XSS
The plugin is lacking a CSRF check when updating its settings, and is not sanitising its Message Content in them even with unfiltered_html disallowed. As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a Cross-Site Scripting payload in the...
Cisco Jabber Input Validation Error Vulnerability
Cisco Jabber is a set of unified communications client solutions from Cisco (United States). The solution provides online status display, instant messaging, voice, and other features. Cisco Jabber suffers from an input validation error vulnerability that originates as a result of...
CVE-2020-14225
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack...
CVE-2020-14225
CVE-2020-14225 affects HCL iNotes (HCL Domino mail) and is a Tabnabbing vulnerability caused by improper sanitization of message content. The vulnerability enables a remote, unauthenticated attacker to prompt users to enter credentials via phishing-like tricks. Per CVSS data, the attack is networ...
CVE-2020-14271
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the...
CVE-2020-4080
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security...
Cross site scripting
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security...
HCL Verse Cross-Site Scripting Vulnerability
HCL Verse is a mobile application for accessing emails and life plan management from HCL India. A cross-site scripting vulnerability exists in HCL Verse v10 and v11, which stems from mishandling of message content and is susceptible to stored cross-site scripting (XSS) attacks. A remote attacker...
Unspecified Vulnerability in Mattermost Mobile Apps (CNVD-2020-35355)
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps versions prior to 1.26.0, which stems from the fact that sensitive information, such as server addresses and message content, is stored in local device logs and...