70 matches found

Cvelist
added 2023/12/31 12:00 a.m. · 32 views

CVE-2023-52269

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...

5 AI score · 0.00363 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/12/30 12:00 a.m. · 5 views

PT-2023-31951 · Unknown · Mdaemon Securitygateway

Name of the Vulnerable Software and Affected Versions: MDaemon SecurityGateway versions through 9.0.3 Description: The issue allows domain administrators to conduct attacks against global administrators via a crafted Message Content Filtering rule, which enables XSS. Recommendations: For MDaemon...

4.8 CVSS · 4.9 AI score · 0.00363 EPSS
Exploits: 1 · References: 8

CNNVD
added 2023/10/26 12:00 a.m. · 4 views

Netcon NS-ASG SQL Injection Vulnerability

Netcon NS-ASG is an application security gateway from Netcon Technology (China). A security vulnerability exists in Netcon NS-ASG version 6.3: some unknown functions in /protocol/firewall/addaddressinterpret.phpp allow SQL injection via the parameter messagecontent...

7.5 CVSS · 8 AI score · 0.00551 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2023/10/26 12:00 a.m. · 4 views

PT-2023-32323 · Netentsec · Netentsec Ns-Asg Application Security Gateway

Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A critical issue was found in the Netentsec NS-ASG Application Security Gateway, affecting some unknown functionality of the file /protocol/firewall/uploadfirewall.php. Th...

9.8 CVSS · 6.4 AI score · 0.00671 EPSS
Exploits: 1 · References: 7

Tenable Nessus
added 2023/10/20 12:00 a.m. · 26 views

Amazon Linux 2 : pki-core (ALAS-2023-2304)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2304 advisory. A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the...

5.7 CVSS · 6.2 AI score · 0.00227 EPSS
Exploits: 0 · References: 4

NVD
added 2022/07/14 3:15 p.m. · 13 views

CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.7 CVSS · 0.00227 EPSS
Exploits: 0 · References: 1

Debian CVE
added 2022/07/14 2:53 p.m. · 21 views

CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.7 CVSS · 5.6 AI score · 0.00227 EPSS
Exploits: 0

Cvelist
added 2022/07/14 2:53 p.m. · 19 views

CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.6 AI score · 0.00227 EPSS
Exploits: 0 · References: 1

NVD
added 2021/08/26 6:15 p.m. · 29 views

CVE-2020-18477

SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message concontent field...

8.8 CVSS · 0.00887 EPSS
Exploits: 1 · References: 1

OSV
added 2021/08/16 11:15 a.m. · 4 views

CVE-2021-24535

The Light Messages WordPress plugin through 1.0 is lacking a CSRF check when updating its settings, and is not sanitising its Message Content in them even with the unfilteredhtml disallowed. As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a...

6.1 CVSS · 5.9 AI score · 0.00412 EPSS
Exploits: 2 · References: 1

WPVulnDB
added 2021/07/19 12:00 a.m. · 18 views

Light Messages <= 1.0 - CSRF to Stored XSS

The plugin is lacking a CSRF check when updating its settings, and is not sanitising its Message Content in them even with the unfilteredhtml disallowed. As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a Cross-Site Scripting payload in the...

4.3 CVSS · 1.1 AI score · 0.00412 EPSS
Exploits: 2 · Affected Software: 1

CNNVD
added 2021/06/16 12:00 a.m. · 4 views

Cisco Jabber Input Validation Error Vulnerability

Cisco Jabber is a set of unified communications client solutions from Cisco (United States). The solution provides online status display, instant messaging, voice, and other features. Cisco Jabber suffers from an input validation error vulnerability that originates as a result of...

6.5 CVSS · 6.8 AI score · 0.00786 EPSS
Exploits: 0 · References: 4

NVD
added 2020/12/21 6:15 p.m. · 14 views

CVE-2020-14225

HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack...

6.5 CVSS · 6.4 AI score · 0.0125 EPSS
Exploits: 0 · References: 1

CVE
added 2020/12/21 5:09 p.m. · 47 views

CVE-2020-14225

CVE-2020-14225 affects HCL iNotes (HCL Domino mail) and is a Tabnabbing vulnerability caused by improper sanitization of message content. The vulnerability enables a remote, unauthenticated attacker to prompt users to enter credentials via phishing-like tricks. Per CVSS data, the attack is networ...

6.5 CVSS · 6.3 AI score · 0.0125 EPSS
Exploits: 0 · References: 1 · Affected Software: 2

Cvelist
added 2020/12/21 5:09 p.m. · 15 views

CVE-2020-14225

HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack...

6.4 AI score · 0.0125 EPSS
Exploits: 0 · References: 1

OSV
added 2020/12/18 11:15 p.m. · 2 views

CVE-2020-14271

HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the...

6.1 CVSS · 6.3 AI score
Exploits: 0 · References: 1

OSV
added 2020/12/18 10:15 p.m. · 4 views

CVE-2020-4080

HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security...

6.1 CVSS · 6.3 AI score · 0.00844 EPSS
Exploits: 0 · References: 1

Prion
added 2020/12/18 10:15 p.m. · 24 views

Cross site scripting

HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security...

4.3 CVSS · 6.1 AI score · 0.00844 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2020/12/18 12:00 a.m. · 9 views

HCL Verse Cross-Site Scripting Vulnerability

HCL Verse is a mobile application for accessing emails and life plan management from HCL India. A cross-site scripting vulnerability exists in HCL Verse v10 and v11, which stems from mishandling of message content and is susceptible to stored cross-site scripting (XSS) attacks. A remote attacker...

6.1 CVSS · 6.3 AI score · 0.00844 EPSS
Exploits: 0 · References: 2

CNVD
added 2020/06/22 12:00 a.m. · 3 views

Unspecified Vulnerability in Mattermost Mobile Apps (CNVD-2020-35355)

Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps versions prior to 1.26.0, which stems from the fact that sensitive information, such as server addresses and message content, is stored in local device logs and...

7.5 CVSS · 6.6 AI score · 0.0112 EPSS
Exploits: 0 · References: 1