4195 matches found

IBM Security Bulletins
added 2019/08/09 1:42 p.m., 19 views

Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform

Summary: There is a vulnerability in IBM® Runtime Environment Java™ Version 7 or version 8 used by Financial Transaction Manager for Corporate Payment Services for Multi-Platform (FTM CPS). Financial Transaction Manager for Corporate Payment Services for Multi-Platform has addressed the applicable...

CVSS 5.9, AI score 1.9, EPSS 0.37618
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2019/08/09 1:4 p.m., 27 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 or version 8 used by Financial Transaction Manager for Corporate Payment Services for Multi-Platform (FTM CPS). Financial Transaction Manager for Corporate Payment Services for Multi-Platform has addressed the...

CVSS 9.8, AI score 1.6, EPSS 0.02744
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2019/08/09 12:31 p.m., 18 views

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site request forgery vulnerability (CVE-2018-1790)

Summary: IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit...

CVSS 8.8, AI score 1.3, EPSS 0.00527
Exploits 0, Affected Software 1

OSV
added 2019/08/08 1:15 p.m., 3 views

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

CVSS 5.5, AI score 5.8, EPSS 0.01089
Exploits 1, References 2

NVD
added 2019/08/08 1:15 p.m., 31 views

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

CVSS 5.5, AI score 5.5, EPSS 0.01089
Exploits 1, References 2

Prion
added 2019/08/08 1:15 p.m., 27 views

Design/Logic Flaw

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

CVSS 4.3, AI score 5.5, EPSS 0.01089
Exploits 1, References 2, Affected Software 1

CVE
added 2019/08/08 12:56 p.m., 50 views

CVE-2018-19855

CVE-2018-19855 affects UiPath Orchestrator versions prior to 2018.3.4. The vulnerability is described as a CSV Injection related to the Audit export, Robot log export, and Transaction log export features. Supported connected sources reiterate the same impact and affected version line; no addition...

CVSS 5.5, AI score 5.5, EPSS 0.01089
Exploits 1, References 2, Affected Software 1

Cvelist
added 2019/08/08 12:56 p.m., 31 views

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

AI score 5.5, EPSS 0.01089
Exploits 1, References 2

Kitploit
added 2019/08/06 1:0 p.m., 59 views

Theo - Ethereum Recon And Exploitation Tool

Theo aims to be an exploitation framework and a blockchain recon and interaction tool. Features: Automatic smart contract scanning which generates a list of possible exploits. Sending transactions to exploit a smart contract. Transaction pool monitor. Web3 console Frontrunning and backrunning...

AI score 7.4
Exploits 0, References 7

Veracode
added 2019/08/06 6:54 a.m., 19 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because it does not escape the user provided data in transaction description field and in asset account name, allowing an attacker to inject malicious script in a convert transaction to get executed upon ...

CVSS 6.1, AI score 3.5, EPSS 0.01327
Exploits 1, References 3, Affected Software 1

Veracode
added 2019/08/06 6:9 a.m., 13 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because it does not escape the user provided data in liability name field, allowing an attacker to inject malicious script in a transaction to get executed upon an error condition during a visit to the...

CVSS 5.4, AI score 3.4, EPSS 0.00744
Exploits 1, References 2, Affected Software 1

CNVD
added 2019/08/06 12:0 a.m., 3 views

Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30450)

Firefly III is a free, open source, self-hosted personal finance manager. A stored cross-site scripting vulnerability exists in Firefly III 4.7.17.3. The vulnerability stems from a lack of filtering of user-supplied data in the transaction description field. An attacker can exploit this...

CVSS 5.4, AI score 6.2, EPSS 0.00762
Exploits 1, References 1

NVD
added 2019/08/05 8:15 p.m., 18 views

CVE-2019-14667

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...

CVSS 6.1, AI score 6.1, EPSS 0.01327
Exploits 1, References 3

NVD
added 2019/08/05 8:15 p.m., 11 views

CVE-2019-14668

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link...

CVSS 5.4, AI score 5.3, EPSS 0.00762
Exploits 1, References 2

OSV
added 2019/08/05 8:15 p.m., 9 views

CVE-2019-14667

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...

CVSS 6.1, AI score 5.9
Exploits 0, References 3

OSV
added 2019/08/05 8:15 p.m., 9 views

CVE-2019-14668

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link...

CVSS 5.4, AI score 5.8
Exploits 0, References 2

Prion
added 2019/08/05 8:15 p.m., 17 views

Cross site scripting

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...

CVSS 4.3, AI score 6, EPSS 0.01327
Exploits 1, References 3, Affected Software 1

Cvelist
added 2019/08/05 7:23 p.m., 22 views

CVE-2019-14667

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...

AI score 6.1, EPSS 0.01327
Exploits 1, References 3

Cvelist
added 2019/08/05 7:23 p.m., 12 views

CVE-2019-14668

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link...

AI score 5.3, EPSS 0.00762
Exploits 1, References 2

Hacker One
added 2019/08/05 5:14 p.m., 17 views

New Relic: Stored XSS at APM transaction map (transactionName field)

Hey team, You've recently fixed my previous report about transaction map stored XSS 549084 and the fix is correct, I wasn't successful with finding a bypass. But I've discovered another vulnerable transaction map field transactionName. An attacker can inject a payload inside this field and then,...

AI score 0.1
Exploits 0