CVE-2023-39598
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter...
Cross site scripting
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter...
IceWarp WebClient Cross-Site Scripting Vulnerability
IceWarp WebClient is a web-based mail service client from the Czech company IceWarp. A security vulnerability exists in IceWarp WebClient version 10.2.1, which can be exploited by a remote attacker to execute arbitrary code via a crafted payload that is passed to the mid...
CVE-2023-39598
IceWarp WebClient 10.2.1 is affected by CVE-2023-39598: a Cross Site Scripting vulnerability that enables an attacker to run arbitrary script in the victim’s browser by crafting a payload to the mid parameter. The Nuclei template notes potential impacts such as session hijacking, defacement, or s...
PT-2023-5329 · Icewarp · Icewarp Webclient
Name of the Vulnerable Software and Affected Versions: IceWarp Corporation WebClient version 10.2.1 Description: The issue is related to a Cross Site Scripting vulnerability that allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. This can enable the...
CVE-2023-22039
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: WebClient. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human...
Design/Logic Flaw
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: WebClient. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human...
CVE-2023-22039
Oracle Agile PLM (Oracle Supply Chain) WebClient vulnerability CVE-2023-22039 affects version 9.3.6. The issue in WebClient allows a low-privilege attacker with HTTP network access and user interaction to read and modify data, potentially causing unauthorized updates, inserts or deletes, and read...
Oracle Supply Chain Products Suite Security Vulnerability
Oracle Supply Chain Products Suite is a set of supply chain solutions from Oracle. The product provides value chain planning, value chain execution, and product lifecycle management capabilities. Oracle Supply Chain's Oracle Agile PLM product has a security vulnerability that originates in...
PT-2023-4032 · Oracle · Oracle Agile Plm
Name of the Vulnerable Software and Affected Versions: Oracle Agile PLM version 9.3.6 Description: The issue is related to errors in processing input data in the WebClient component of Oracle Agile PLM. This can allow a remote attacker to gain read, modify, add, or delete access to data. Successf...
New in Spring 6.1: RestClient
Spring Framework 6.1 M2 introduces the RestClient, a new synchronous HTTP client. As the name suggests, RestClient offers the fluent API of WebClient with the infrastructure of RestTemplate. Fourteen years ago, when RestTemplate was introduced in Spring Framework 3.0, we quickly discovered that...
This Week in Spring - June 27th, 2023
Hi Spring fans! Welcome to another installment of This Week in Spring! This week I am in Seoul talking to developers about the latest-and-greatest in Spring Boot 3! There's so much great stuff coming, and so much great stuff already. There are a few things I'm super excited about. First, yesterda...
Cross site scripting
SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting...
CVE-2023-30742
Summary: CVE-2023-30742 is a stored XSS in SAP CRM (WebClient UI) affecting SAP CRM WebClient UI components: S4FND 102–107 and WEBCUIF 700–801. The root cause is insufficient encoding of user-controlled inputs, allowing an attacker to store a malicious URL and lure a victim into clicking it, exec...
CVE-2023-30742 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting...
Cross site scripting
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS...
CVE-2023-29188
The CVE-2023-29188 issue affects SAP CRM WebClient UI and related components: SAPSCORE 129, S4FND 102–107, WEBCUIF 701–801. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs. Successful exploitation could allow a user with normal acce...
CVE-2023-29189
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...