21 matches found
CVE-2025-39664
Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...
CVE-2025-39664
Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...
CVE-2025-39664
Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...
UBUNTU-CVE-2025-39664
Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...
EUVD-2025-33348
Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...
CVE-2025-39664 Path-Traversal in report scheduler
Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...
CVE-2025-39664 Path-Traversal in report scheduler
Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability in Checkmk versions prior to 2.4.0p13, prior to 2.3.0p38, prior to 2.2.0p46, and version 2.1.0, which stems from insufficient escaping in the report scheduler, could allow an attacker to define the storage location o...
PT-2025-41389
Name of the Vulnerable Software and Affected Versions Checkmk versions prior to 2.4.0p13 Checkmk versions prior to 2.3.0p38 Checkmk versions prior to 2.2.0p46 Checkmk version 2.1.0 Description A flaw exists in the report scheduler of Checkmk that allows authenticated attackers to define the stora...
EUVD-2020-24134
Malware in sbrugna...
CVE-2020-36692
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...
CVE-2020-36692
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...
CVE-2020-36692
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...
Cross site scripting
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...
CVE-2020-36692
CVE-2020-36692 affects Sophos Web Appliance prior to 4.3.10.4. The issue is a reflected XSS in the report scheduler via a crafted POST form, requiring the victim to submit the form while logged in to SWA. This can allow execution of JavaScript in the victim’s browser. Mitigation: upgrade to 4.3.1...
PT-2023-2880 · Sophos · Sophos Web Appliance
Name of the Vulnerable Software and Affected Versions: Sophos Web Appliance versions older than 4.3.10.4 Description: A reflected XSS via POST vulnerability in the report scheduler allows execution of JavaScript code in the victim's browser via a malicious form that must be manually submitted by...
Sophos Web Gateway 4.4.1 Cross Site Scripting
KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability Title: Sophos Web Gateway Persistent Cross Site Scripting Vulnerability Advisory ID: KL-001-2018-001 Publication Date: 2018.01.26 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-001.txt ...
CVE-2016-7955
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report...
CVE-2014-9711
Multiple cross-site scripting XSS vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary w...
CVE-2014-9711
Multiple cross-site scripting XSS vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary w...