PT-2024-19178 · ZTE · ZXUN-ePDG
Name of the Vulnerable Software and Affected Versions: ZTE ZXUN-ePDG product versions up to 5.20.19
Description: The ZTE ZXUN-ePDG product, which serves as the network node of the VoWiFi system, uses a set of non-unique cryptographic keys in its default configuration when establishing a secure...
CVE-2024-4337
Adive Framework 2.0.8 does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user...
CVE-2024-4336
Adive Framework 2.0.8 does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user...
A vulnerability in the Dell Unity Operating Environment (OE), which is used to manage and maintain storage systems, arises from the lack of measures to protect the structure of web pages. This allows attackers to disclose sensitive user session information or execute arbitrary code under the user’s identity.
A vulnerability in the Dell Unity Operating Environment, which provides data storage management and functionality, exists due to the lack of measures to protect the website structure. Exploiting this vulnerability can allow a malicious actor to disclose user session-related...
CVE-2024-3796 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-3796
CVE-2024-3796 affects WBSAirback 21.02.04 with a stored XSS in the /admin/BackupSchedule endpoint (description field). A remote attacker could send a crafted URL to steal session data. Exploitation details are not confirmed in all sources, but PT-2024-27865 recommends disabling access to the /adm...
CVE-2024-3795 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-3795
WBSAirback 21.02.04 is affected by a stored XSS vulnerability in the /admin/BackupTemplate endpoint, specifically in the name and description fields. The vulnerability could let an attacker craft a URL to execute script in a victim’s browser and potentially steal session data. Affected software/c...
CVE-2024-3794 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...
CVE-2024-3794
CVE-2024-3794 affects WBSAirback 21.02.04 with a stored XSS vulnerability in the /admin/AdvancedSystem endpoint (description field, all parameters). The issue could allow a remote attacker to craft a URL to steal session data. No patch/version details are provided in the documents; a PT-2024-2784...
CVE-2024-3793 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...
CVE-2024-3793
WBSAirback 21.02.04 is affected by a stored XSS via the /admin/CloudAccounts endpoint, impacting fields such as account name, user password, and server in multiple parameters. An attacker could deliver a crafted URL to harvest session data. Remediation guidance from PT Security suggests disabling...
CVE-2024-3792 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session dat...
CVE-2024-3791 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields, type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim an...
CVE-2024-3791
WBSAirback (version 21.02.04) contains a stored XSS in /admin/SystemConfiguration, affecting the name, free memory limit fields, and type/password parameters. Exploitation could allow a remote attacker to craft a URL that steals session data. The PT-2024-27822 entry provides concrete details of t...
CVE-2024-3790 Cross-site Scripting vulnerability in WBSAirback
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1 / passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their...