4195 matches found
Security Bulletin: A vulnerability in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform
Summary: There is a vulnerability in IBM® Runtime Environment Java™ Version 7 or version 8 used by Financial Transaction Manager for Corporate Payment Services for Multi-Platform (FTM CPS). Financial Transaction Manager for Corporate Payment Services for Multi-Platform has addressed the applicable...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 or version 8 used by Financial Transaction Manager for Corporate Payment Services for Multi-Platform (FTM CPS). Financial Transaction Manager for Corporate Payment Services for Multi-Platform has addressed the...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site request forgery vulnerability (CVE-2018-1790)
Summary: IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit...
CVE-2018-19855
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...
Design/Logic Flaw
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...
CVE-2018-19855
CVE-2018-19855 affects UiPath Orchestrator versions prior to 2018.3.4. The vulnerability is described as a CSV Injection related to the Audit export, Robot log export, and Transaction log export features. Supported connected sources reiterate the same impact and affected version line; no addition...
Theo - Ethereum Recon And Exploitation Tool
Theo aims to be an exploitation framework and a blockchain recon and interaction tool. Features: automatic smart contract scanning which generates a list of possible exploits; sending transactions to exploit a smart contract; transaction pool monitor; Web3 console; frontrunning and backrunning...
Cross-site Scripting (XSS)
grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because it does not escape the user-provided data in the transaction description field and in the asset account name, allowing an attacker to inject malicious script in a convert transaction to get executed upon ...
Cross-site Scripting (XSS)
grumpydictator/firefly-iii is vulnerable to cross-site scripting (XSS). The attack is possible because it does not escape the user-provided data in the liability name field, allowing an attacker to inject malicious script in a transaction to get executed upon an error condition during a visit to the...
Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30450)
Firefly III is a free, open source, self-hosted personal finance manager. A stored cross-site scripting vulnerability exists in Firefly III 4.7.17.3. The vulnerability stems from a lack of filtering of user-supplied data in the transaction description field. An attacker can exploit this...
CVE-2019-14667
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...
CVE-2019-14668
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link...
Cross site scripting
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...
New Relic: Stored XSS at APM transaction map (transactionName field)
Hey team, You've recently fixed my previous report about transaction map stored XSS 549084 and the fix is correct, I wasn't successful with finding a bypass. But I've discovered another vulnerable transaction map field transactionName. An attacker can inject a payload inside this field and then,...