380 matches found
CVE-2021-24756
The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs...
CVE-2021-24756
The WP System Log plugin (WordPress) before version 1.0.21 does not sanitize, validate, or escape the IP address parsed from login requests, allowing an unauthenticated attacker to trigger Cross‑Site Scripting in admins viewing the Activity/Log dashboard. A fix is to upgrade to 1.0.21 or newer (r...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WP System Log plugin is a WordPress open source application plugin. WordPress WP System Log plugin in versions pri...
The vulnerability in the web interface for managing device information on the Cisco Common Services Platform Collector allows a malicious actor to enhance their privileges within the system.
The vulnerability of the Web interface for collecting device information on Cisco Common Services Platform Collector is related to an incorrect configuration of the system log. Exploiting this vulnerability allows a malicious actor to specify files other than logs as sources for the system log...
WordPress WP System Log plugin <= 1.0.20 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by wzy-ceb Attack defense in WordPress WP System Log plugin versions = 1.0.20. Solution Update the WordPress WP System Log plugin to the latest available version at least 1.0.21...
GHSA-H58V-C6RF-G9F7 Cross site scripting in the system log
Impact It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end. Patches Update to Contao 4.9.16 or 4.11.5. Workarounds Disable the system log module in the back end for all users especially admin users. References...
Cross site scripting in the system log
Impact It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end. Patches Update to Contao 4.9.16 or 4.11.5. Workarounds Disable the system log module in the back end for all users especially admin users. References...
Cross-site Scripting (XSS)
contao/core-bundle is vulnerable to cross site scripting. The vulnerability exists due to an insecure tllog table which will execute injected code in the browser when the system log is called in the back end...
CVE-2021-35210
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end...
Design/Logic Flaw
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end...
CVE-2021-35210
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end...
Contao 跨站脚本漏洞
Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that allows an attacker to inject code into the tllog table, which will be executed in th...
CVE-2021-31815
GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...
Design/Logic Flaw
GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...
CVE-2021-31815
GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...
pcs bug fix and enhancement update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Bug Fixes and Enhancements: Pcsd logs to system log by mistake BZ1919318...
CVE-2020-8356
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture FFDC service log. The FFDC...
CVE-2021-1283
A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...
Design/Logic Flaw
A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...
CVE-2021-1283
Cisco Data Center Network Manager (DCNM) is affected by an information-disclosure vulnerability in its logging subsystem. The issue arises because sensitive data is not properly masked before being written to system log files, allowing an authenticated, local attacker with valid credentials to vi...