Lucene search

151 matches found

NVD
added 2020/11/27 4:15 a.m. | 15 views

CVE-2020-29144

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or...

5.4 CVSS | 5.2 AI score | 0.0055 EPSS
Exploits: 1 | References: 1

Prion
added 2020/11/27 4:15 a.m. | 21 views

Cross site scripting

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or...

3.5 CVSS | 5.2 AI score | 0.0055 EPSS
Exploits: 1 | References: 1

Cvelist
added 2020/11/27 3:35 a.m. | 20 views

CVE-2020-29144

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or...

5.3 AI score | 0.0055 EPSS
Exploits: 1 | References: 1

CNNVD
added 2020/11/26 12:00 a.m. | 4 views

Ericsson BSCS iX R18 Billing & Rating Cross-Site Scripting Vulnerability

Ericsson BSCS iX R18 Billing & Rating is a web platform for telecom billing from Ericsson, Sweden. Ericsson BSCS iX R18 Billing & Rating iX R18 suffers from a cross-site scripting vulnerability that originates in the ADMX web base module and is susceptible to stored XSS via the name or...

5.4 CVSS | 5.9 AI score | 0.0055 EPSS
Exploits: 1 | References: 2

NVD
added 2020/10/26 4:15 p.m. | 19 views

CVE-2020-6876

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...

5.4 CVSS | 0.00614 EPSS
Exploits: 0 | References: 1

OSV
added 2020/10/26 4:15 p.m. | 3 views

CVE-2020-6876

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...

5.4 CVSS | 5.8 AI score | 0.00614 EPSS
Exploits: 0 | References: 1

Prion
added 2020/10/26 4:15 p.m. | 13 views

Cross site scripting

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...

3.5 CVSS | 5.2 AI score | 0.00614 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/10/26 3:35 p.m. | 24 views

CVE-2020-6876

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...

5.2 AI score | 0.00614 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2020/07/20 12:00 a.m. | 38 views

Amazon Linux AMI : squid (ALAS-2020-1386)

The version of squid installed on the remote host is prior to 3.5.20-15.39. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1386 advisory. An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gai...

9.8 CVSS | 7.2 AI score | 0.74477 EPSS
Exploits: 1 | References: 9

Wallarm Lab
added 2020/06/03 7:56 p.m. | 63 views

Yii2 Gii Remote Code Execution

This article is written specifically for web developers who use a module. We will tell you how we got access to sensitive data on a staging server through Yii2 Gii Remote Code: First to the testing environment, and then to the production. Spoiler: We have notified the module developer about the...

4.5 AI score
Exploits: 0

IBM Security Bulletins
added 2020/02/05 12:09 a.m. | 36 views

Security Bulletin: ClassLoader manipulation with Apache Struts affecting Rational Application Developer (CVE-2014-0114)

Summary: There is a ClassLoader manipulation vulnerability in Apache Struts that is bundled by IBM Rational Application Developer for WebSphere Software.

7.5 CVSS | 0.1 AI score | 0.95821 EPSS
Exploits: 4 | Affected Software: 2

CNVD
added 2019/11/06 12:00 a.m. | 3 views

PhantomJS Arbitrary File Read Vulnerability

PhantomJS is a headless browser for automating web interactions. A security vulnerability exists in the 'page.open' function of the web module in PhantomJS 2.1.1 and earlier versions. The vulnerability can be exploited by an attacker to read arbitrary files on the file system with the help of...

7.5 CVSS | 6.6 AI score | 0.03424 EPSS
Exploits: 1 | References: 1

OSV
added 2019/07/15 2:38 p.m. | 7 views

USN-4059-1 squid, squid3 vulnerabilities

It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-19132 It was discovered that Squid incorrect...

6.1 CVSS | 6.6 AI score | 0.74477 EPSS
Exploits: 1 | References: 3

RedhatCVE
added 2019/07/08 6:22 a.m. | 38 views

CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

6.1 CVSS | 4.1 AI score | 0.74477 EPSS
Exploits: 1 | References: 3

NVD
added 2019/07/05 4:15 p.m. | 18 views

CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

6.1 CVSS | 6.6 AI score | 0.74477 EPSS
Exploits: 1 | References: 15

Prion
added 2019/07/05 4:15 p.m. | 28 views

Design/Logic Flaw

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

4.3 CVSS | 6 AI score | 0.74477 EPSS
Exploits: 1 | References: 15 | Affected Software: 2

AlpineLinux
added 2019/07/05 3:45 p.m. | 41 views

CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

6.1 CVSS | 7.9 AI score | 0.74477 EPSS
Exploits: 1

OSV
added 2019/07/05 12:00 a.m. | 3 views

UBUNTU-CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...

6.1 CVSS | 6.5 AI score | 0.74477 EPSS
Exploits: 1 | References: 5

0day.today
added 2019/05/21 12:00 a.m. | 232 views

GAT-Ship Web Module 1.30 Information Disclosure Vulnerability

Exploit for multiple platforms in the web applications category. GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability. It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:...

7.4 AI score
Exploits: 0

NVD
added 2019/05/17 9:29 p.m. | 11 views

CVE-2019-12163

GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via a ws/gatshipWs.asmx/SqlVersion request...

5.3 CVSS | 5.1 AI score | 0.02771 EPSS
Exploits: 1 | References: 3