25 matches found
EUVD-2023-48450
Malicious code in bioql PyPI...
CVE-2024-12992 Remote Code Execution leads to Command Injection
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6...
CVE-2024-12971
CVE-2024-12971 affects Pandora FMS versions 700–777.6. The issue is an OS command injection caused by improper neutralization of special elements in commands, enabling execution of arbitrary commands. Public exploitation is demonstrated by a Metasploit module that requires admin access to Pandora...
CVE-2024-35308
A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through 777.3...
PandoraFMS Security Vulnerability
PandoraFMS is an application from PandoraFMS USA. It provides a monitoring feature. A security vulnerability exists in PandoraFMS versions 700 through 774 that stems from the presence of a cross-site scripting (XSS) vulnerability...
Artica Pandora FMS Security Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS versions 700 through 774, which stems from the presence of a SQL...
PT-2023-28112 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 774. Description: The issue affects Pandora FMS, allowing Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. Malicious code could be executed in the File Manager sectio...
PandoraFMS Security Vulnerability
PandoraFMS is an application from PandoraFMS USA. It provides a monitoring feature. A security vulnerability exists in PandoraFMS versions 700 through 774 that stems from the presence of a cross-site scripting (XSS) vulnerability...
CVE-2023-41811
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 throug...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773...
CVE-2023-33986 Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management)
SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the applicatio...
CVE-2021-33675
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser...
CVE-2021-33673
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code ...
CVE-2021-33674
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser...
Cross site scripting
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code ...
Cross site scripting
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser...
Design/Logic Flaw
Due to missing encoding in SAP Contact Center's Communication Desktop component - version 700, an attacker could send a malicious script in a chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the...
CVE-2021-33674
CVE-2021-33674 affects SAP Contact Center, version 700. The issue arises because user-controlled inputs are not sufficiently encoded, allowing a reflected XSS when creating a new email, potentially enabling arbitrary code execution in the victim’s browser. Exploitation details are not provided in...
CVE-2021-33672
CVE-2021-33672 affects SAP Contact Center’s Communication Desktop component (v700). The vulnerability arises from missing encoding, allowing an attacker to send a malicious script in a chat message. Once the recipient accepts the message, the script executes in their context; due to ActiveX usage...
CVE-2021-33675
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser...