
198 matches found

ATTACKERKB
added 2023/08/31 2:15 p.m. · 1 view

CVE-2023-41642

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

6.1 CVSS · 5.9 AI score · 0.17013 EPSS
Exploits 1 · References 4
NVD
added 2023/08/31 2:15 p.m. · 7 views

CVE-2023-41642

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

6.1 CVSS · 6.1 AI score · 0.17013 EPSS
Exploits 1 · References 2
Prion
added 2023/08/31 2:15 p.m. · 22 views

Cross site scripting

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

5.8 CVSS · 6 AI score · 0.17013 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2023/08/31 12:0 a.m. · 12 views

CVE-2023-41642

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

6.2 AI score · 0.17013 EPSS
Exploits 1 · References 2
Cvelist
added 2023/08/31 12:0 a.m. · 13 views

CVE-2023-41642

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

6.2 AI score · 0.17013 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/08/31 12:0 a.m. · 2 views

PT-2023-28019 · Grupposcai · Grupposcai Realgimm

Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38. Description: Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component allow attackers to execute arbitrary JavaScript in the context of a victim user's browser vi...

6.1 CVSS · 6.2 AI score · 0.17013 EPSS
Exploits 1 · References 5
CVE
added 2023/08/31 12:0 a.m. · 172 views

CVE-2023-41642

CVE-2023-41642 affects GruppoSCAI RealGimm 1.1.37p38 and its ErroreNonGestito.aspx component. The issue is multiple reflected XSS vulnerabilities that allow an attacker to inject arbitrary JavaScript into a victim’s browser by crafting a payload in the VIEWSTATE parameter. Root cause is improper ...

6.1 CVSS · 6 AI score · 0.17013 EPSS
In wild · Exploits 1 · References 2 · Affected Software 1
BDU FSTEC
added 2023/06/07 12:0 a.m. · 1 view

The vulnerability of the ASP.NET Viewstate component of the production process management software ABB eSOMS allows a hacker to disclose protected information.

The vulnerability of the ASP.NET Viewstate component of the ABB eSOMS production process management software is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...

3.5 CVSS · 0.002 EPSS
Exploits 0 · References 3 · Affected Software 1
SUSE CVE
added 2023/02/15 5:59 a.m. · 1 view

SUSE CVE-2010-1459

The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...

4.3 CVSS · 6.2 AI score · 0.0041 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2022/09/06 12:0 a.m. · 35 views

ASP.NET ViewState Remote Code Execution

The ViewState is a parameter specific to the ASP.NET framework; it is used as a breadcrumb trail when the user navigates the application, preserving values and controls between different web pages. Present on the pages in the viewstate parameter, all the values are serialized and encoded in base64 ...

7.2 AI score
Exploits 0 · References 4
OSV
added 2022/06/17 5:15 p.m. · 2 views

CVE-2022-30422

Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to remote code execution via the Viewstate parameter...

9.8 CVSS · 7.7 AI score · 0.06591 EPSS
Exploits 1 · References 2
NVD
added 2022/06/17 5:15 p.m. · 9 views

CVE-2022-30422

Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to remote code execution via the Viewstate parameter...

10 CVSS · 0.06591 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2022/06/17 5:15 p.m. · 1 view

CVE-2022-30422

Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to remote code execution via the Viewstate parameter...

10 CVSS · 7.8 AI score · 0.06591 EPSS
Exploits 1 · References 3
Prion
added 2022/06/17 5:15 p.m. · 17 views

Remote code execution

Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to remote code execution via the Viewstate parameter...

10 CVSS · 9.6 AI score · 0.06591 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2022/06/17 4:11 p.m. · 60 views

CVE-2022-30422

Planet Time Enterprise by Proietti Tech Srl (versions 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0) is affected by CVE-2022-30422 due to a remote code execution vulnerability originating from the Viewstate parameter. The Red Hat, NVD, and CVE records consistently describe this as a remote...

10 CVSS · 9.6 AI score · 0.06591 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2022/06/17 4:11 p.m. · 13 views

CVE-2022-30422

Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to remote code execution via the Viewstate parameter...

9.9 AI score · 0.06591 EPSS
Exploits 1 · References 2
CNNVD
added 2022/06/17 12:0 a.m. · 0 views

Proietti Tech srl Planet Time Enterprise Trust Management Issue Vulnerability

Proietti Tech srl Planet Time Enterprise is attendance management software from Proietti Tech Srl, Italy. It facilitates human resource management through process automation and process simplification, making information available in real time. A security vulnerability exists...

10 CVSS · 9.1 AI score · 0.06591 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2022/05/18 12:0 a.m. · 37 views

Checkbox Survey 6.12 <= 6.18 RCE

Checkbox Survey is an ASP.NET application that can add survey functionality to a website. Prior to version 7.0, Checkbox Survey implements its own View State functionality by accepting a VSTATE argument, which it then deserializes using LosFormatter. Because this data is manually handled by the...

9.8 CVSS · 9.1 AI score · 0.25548 EPSS
Exploits 0 · References 3
OSV
added 2022/05/13 1:25 a.m. · 35 views

GHSA-X7RC-4GQW-3Q6Q Apache MyFaces Trinidad Deserialization Vulnerability

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...

9.8 CVSS · 9.1 AI score · 0.06021 EPSS
Exploits 1 · References 15
Github Security Blog
added 2022/05/13 1:25 a.m. · 55 views

Apache MyFaces Trinidad Deserialization Vulnerability

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...

9.8 CVSS · 8.7 AI score · 0.06021 EPSS
Exploits 1 · References 15 · Affected Software 1