62 matches found

CVE
added 2023/10/18 11:39 a.m., 35 views

CVE-2023-32087

CVE-2023-32087 affects Pegasystem PEGA Platform versions 8.1 to Infinity 23.1.0, with a cross-site scripting (XSS) vulnerability during task creation. The issue is documented across multiple sources (NVD, Red Hat, PRION, CVE lists, CNNVD) and is described as an XSS in the task creation flow. The ...

CVSS 6.1, AI score 5.9, EPSS 0.00146
Exploits 0, References 1, Affected Software 1

Cvelist
added 2023/10/18 11:39 a.m., 9 views

CVE-2023-32087

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation...

CVSS 4.6, AI score 6.1, EPSS 0.00146
Exploits 0, References 1

Vulnrichment
added 2023/10/18 11:39 a.m., 20 views

CVE-2023-32087

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation...

CVSS 4.6, AI score 6.1, EPSS 0.00146
Exploits 0, References 1

CNNVD
added 2023/10/18 12:0 a.m., 4 views

Pegasystem PEGA Platform Cross-Site Scripting Vulnerability

Pegasystem PEGA Platform is a suite of application development platforms from the US-based Pegasystem. The platform is used to develop applications such as BPM Business Process Management, Case Management, Real-time Decision Making and CRM Customer Relationship Management. A security vulnerabilit...

CVSS 6.1, AI score 5.8, EPSS 0.00146
Exploits 0, References 2

NVD
added 2023/07/07 5:15 p.m., 11 views

CVE-2023-37264

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...

CVSS 4.3, AI score 4.1, EPSS 0.00099
Exploits 1, References 3

Cvelist
added 2023/07/07 4:23 p.m., 17 views

CVE-2023-37264 Pipelines do not validate child UIDs

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...

CVSS 3.7, AI score 4.8, EPSS 0.00099
Exploits 1, References 3

OSV
added 2023/04/24 5:15 p.m., 2 views

CVE-2023-26061

An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this,...

CVSS 5.4, AI score 5.7, EPSS 0.00276
Exploits 0, References 2

CNNVD
added 2023/04/24 12:0 a.m., 2 views

Nokia NetAct Cross-Site Scripting Vulnerability

Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in versions prior to Nokia NetAct 22 FP2211, which stems from a lack of input validation during the creation of scheduled tasks...

CVSS 6.8, AI score 5.7, EPSS 0.00276
Exploits 0, References 3

BDU FSTEC
added 2023/03/20 12:0 a.m., 1 views

The vulnerability of the Alarm Reports Dashboard, a component of the NetAct network management system, allows an attacker to perform cross-site scripting attacks.

The vulnerability of the Alarm Reports Dashboard of the NetAct network management system is related to insufficient protection of the website structure during task creation. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

CVSS 6.8, AI score 5.6, EPSS 0.00276
Exploits 0, References 1, Affected Software 1

SUSE CVE
added 2023/02/15 5:59 a.m., 2 views

SUSE CVE-2010-1488

The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation...

CVSS 2.1, AI score 6.2, EPSS 0.00147
Exploits 0, References 3

Hive Pro Threat Advisories
added 2023/02/01 9:9 a.m., 25 views

Infection and Evolution of the GOOTLOADER Malware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GOOTLOADER malware infects via malicious archive download, executing JavaScript and PowerShell, delivering FONELAUNCH, Cobalt Strike BEACON/SNOWCONE, with the latest variant writing JavaScript to disk an...

AI score 4.6
Exploits 0

BDU FSTEC
added 2022/04/05 12:0 a.m., 1 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to incorrect authentication, allows a perpetrator to compromise data integrity.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the possibility of adding metadata during the creation of a task by an unauthorized user. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the data...

CVSS 4.3, AI score 5.6, EPSS 0.00165
Exploits 0, References 4, Affected Software 1

CNVD
added 2021/06/23 12:0 a.m., 3 views

White Shark System (WSS) Sensitive Information Disclosure Vulnerability (CNVD-C-2021-1528)

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. A sensitive information disclosure vulnerability exis...

CVSS 6.5, AI score 6.4, EPSS 0.00345
Exploits 1, References 1

OSV
added 2021/06/21 4:15 a.m., 1 views

CVE-2020-20467

White Shark System WSS 1.3.2 is vulnerable to sensitive information disclosure via defaulttaskadd.php, remote attackers can exploit the vulnerability to create a task...

CVSS 6.5, AI score 5.8, EPSS 0.00345
Exploits 1, References 2

Cvelist
added 2021/06/21 3:59 a.m., 11 views

CVE-2020-20467

White Shark System WSS 1.3.2 is vulnerable to sensitive information disclosure via defaulttaskadd.php, remote attackers can exploit the vulnerability to create a task...

AI score 6.3, EPSS 0.00345
Exploits 1, References 2

CNNVD
added 2021/06/21 12:0 a.m., 3 views

White Shark System Security Vulnerability

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. A sensitive information disclosure vulnerability exis...

CVSS 6.5, AI score 5.7, EPSS 0.00345
Exploits 1, References 3

OSV
added 2020/10/05 12:15 p.m., 2 views

CVE-2020-26166

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...

CVSS 5.4, AI score 6.1, EPSS 0.00261
Exploits 0, References 3

NVD
added 2020/10/05 12:15 p.m., 10 views

CVE-2020-26166

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...

CVSS 5.4, EPSS 0.00261
Exploits 0, References 3

Cvelist
added 2020/10/05 12:0 p.m., 12 views

CVE-2020-26166

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...

AI score 5.3, EPSS 0.00261
Exploits 0, References 3

Cvelist
added 2010/04/20 3:0 p.m., 22 views

CVE-2010-1488

The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation...

AI score 6, EPSS 0.00147
Exploits 0, References 4