61 matches found
CVE-2024-3792
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session dat...
CVE-2024-3795 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-3794 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-3791 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim an...
CVE-2024-3791 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim an...
PT-2024-27822 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue is a stored Cross-Site Scripting XSS vulnerability. It occurs through the /admin/SystemConfiguration endpoint, specifically in the name and free memory limit fields, and the type and password...
CVE-2024-29878
Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-29878
Vulnerability: CVE-2024-29878 affects Sentrifugo 3.2. The XSS is in the description parameter of /sentrifugo/index.php/sitepreference/add. An attacker can craft a URL to execute arbitrary script in the victim’s browser and steal session data. Root cause: insufficient input validation/escaping for...
CVE-2024-29877 Cross-Site Scripting (XSS) vulnerability in Sentrifugo
Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expensecategoryname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
Node.js: HTTP Request Smuggling via Content Length Obfuscation
The team identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers could lead to HTTP request smuggling. Specifically, if a space was placed before a content-length header, it was not interpreted correctly, enabling attackers to smuggle in ...
CVE-2023-23553
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker...
CVE-2022-35227
A vulnerability in SAP NW EP WPC - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site XSS scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to...
CVE-2022-35227
A vulnerability in SAP NW EP WPC - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site XSS scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to...
SAP NetWeaver AS ABAP Business Server 跨站脚本漏洞
SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver AS for ABAP, which can be exploited by an attacker ...
SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java versions 7.10,...
CVE-2020-6319
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal...
CVE-2020-6283
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...
CVE-2018-14688
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...
CVE-2017-11879
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability"...
RedHat Update for thunderbird RHSA-2008:0105-01
Check for the Version of thunderbird OpenVAS Vulnerability Test RedHat Update for thunderbird RHSA-2008:0105-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...