19 matches found
CVE-2026-43164
In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the cited commit, udplibinitsock can fail, as can udpinitsock and udpv6initsock. Let's handle the error in...
EUVD-2016-5850
Malware in sbrugna...
EUVD-2017-5503
Malware in sbrugna...
EUVD-2023-26588
Malicious code in bioql PyPI...
Tenda i24和Tenda W12 安全漏洞
The Tenda W12 and i24 is a wireless router made by Tenda. A stack overflow vulnerability exists in the Tenda W12 and i24. The vulnerability stems from improper handling of the rebootDate parameter in the cgiSysScheduleRebootSet function in the /bin/httpd file. An attacker can exploit the...
Cross site scripting
Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-22425
CVE-2023-22425 concerns SHIRASAGI: a stored cross-site scripting (CWE-79) in the Schedule function affects SHIRASAGI v1.16.2 and earlier. The vulnerability allows a remote authenticated attacker to inject arbitrary script, with impact that an arbitrary script may execute in a user’s browser when ...
CVE-2023-22425
Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script...
Multiple cross-site scripting vulnerabilities in SHIRASAGI
Overview SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability on Schedule function CWE-79 - CVE-2023-22425 Stored cross-site scripting vulnerability on Theme switching function CWE-79 - CVE-2023-22427 CVE-2023-22425 Ren...
JVN#18765463: Multiple cross-site scripting vulnerabilities in SHIRASAGI
SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability on Schedule function CWE-79 - CVE-2023-22425 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...
CVE-2017-13988
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function...
Improper access control
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function...
CVE-2017-13988
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function...
CVE-2016-4870
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function...
CVE-2016-4870
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function...
Cross site scripting
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function...
CVE-2016-4870
CVE-2016-4870 is a cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0, exploitable via the Schedule function by a remote, authenticated attacker who can inject script or HTML into the victim’s browser. Affected product: Cybozu Office versions 9.0.0–10.4.0. Root cause: improper ha...
CVE-2016-4870
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function...
"Schedule" function in Cybozu Office vulnerable to cross-site scripting
Overview Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...