1332 matches found
Cross site scripting
A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some...
Cross site scripting
A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to...
CVE-2019-12668
Cisco IOS and IOS XE Software contain a stored cross-site scripting (XSS) vulnerability in the web framework banner handling. An authenticated, remote attacker can craft and save a banner parameter to trigger XSS in the web interface, potentially executing script code or exposing browser-based in...
CVE-2019-12667
CVE-2019-12667 affects Cisco IOS XE Software with stored XSS in the web interface’s web framework due to insufficient input validation of parameters. An authenticated user could be targeted by phishing or spoofed requests to inject script, potentially executing code in the browser context or acce...
Cisco IOS and IOS XE Software Stored Banner Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to...
jenkins: Unauthorized view fragment access (SECURITY-534)
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
Fedora Update for python-django FEDORA-2019-647f74ce51
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
A vulnerability in the Cisco Unified Communications Manager web framework allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Cisco Unified Communications Manager web framework is related to a lack of protection for operational data. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information through a specially created...
PYSEC-2019-84
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...
Django input validation error vulnerability (CNVD-2019-35879)
Django is the Django Foundation's open source Web application framework based on the Python language. The framework includes an object-oriented mapper, a view system, a template system and so on. An input validation error vulnerability exists in Django. An attacker can exploit this vulnerabili...
Jenkins < 2.176.2 LTS / 2.186 Multiple Vulnerabilities
The version of Jenkins running on the remote web server is prior to 2.186 or is a version of Jenkins LTS prior to 2.176.2. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file write vulnerability exists due to an incomplete fix for SECURITY-1074, the improper validation of...
CVE-2019-10354
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
CVE-2019-10354
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
CVE-2019-10354
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
Information disclosure
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
CVE-2019-10354
This CVE affects Jenkins: the Stapler web framework used by Jenkins up to 2.185 (and LTS up to 2.176.1) permits an authenticated attacker to directly access view fragments, bypassing permission checks and potentially exposing sensitive information. The underlying issue is improper access control ...
CVE-2019-10354
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
PT-2019-11752 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.185 and earlier, LTS 2.176.1 and earlier Description: A vulnerability in the Stapler web framework allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
[SECURITY] Fedora 30 Update: python-django-2.1.10-1.fc30
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
A vulnerability in the ASP.NET Core software platform, related to errors in request processing, allows an attacker to cause a service failure.
The vulnerability in the ASP.NET Core software platform is related to errors in request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted requests to the ASP.NET Core application...