341 matches found
Apache Solr Cross-site scripting Vulnerability
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL...
GHSA-4FXW-G29W-R8MX Apache Solr Cross-site scripting Vulnerability
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL...
Privilege Escalation
sulu/sulu is vulnerable to local privilege escalation. The vulnerability exists because it does not properly handle subset in the admin UI allowing an authorized user to access confidential information...
Cross-Site Scripting (XSS)
ezsystems/ezplatform-admin-ui is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in custom tags, allowing an attacker to inject and execute malicious JavaScript...
CVE-2021-38179
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials...
Design/Logic Flaw
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials...
New High-Severity Vulnerability Reported in Pulse Connect Secure VPN
Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges. "Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote...
GHSA-6R3P-FCVM-XH7C SSRF vulnerability in Apache Airflow
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable to an SSRF attack...
Server side request forgery (ssrf)
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable to an SSRF attack...
Security Bulletin: A security bypass vulnerability in Apache Solr (lucene) affects IBM InfoSphere Information Server
Summary: A security bypass vulnerability in Apache Solr (lucene) used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2020-13957. DESCRIPTION: Apache Solr could allow a remote attacker to bypass security restrictions, caused by improper access control by the...
Tenda AC18 Remote Code Execution Vulnerability
AC18 is a wireless router from Tenda. A remote code execution vulnerability exists in the Tenda AC18. The vulnerability stems from incorrect authentication handling of the logincheck function in the /usr/lib/lua/ngxauthserver/ngxwdas.lua file when the administrator UI is set to "radius". An...
CVE-2020-15831
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI...
CVE-2019-19118
CVE-2019-19118 affects Django Framework: versions 2.1 before 2.1.15 and 2.2 before 2.2.8. The issue arises in the admin inline editing UI: if a user has view permissions on a parent model but edit permissions on the inline model, the UI could allow POST requests to update the inline model, while ...
Node.js third-party modules: Stored XSS (Hexo-admin plugin)
I would like to report Stored XSS in Hexo-admin. It allows The Post editor functionality in the hexo-admin plugin 3.9.0 for Node.js is vulnerable to stored XSS via the content of a post. Module: module name: Hexo-admin; version: 3.9.0; npm page: https://www.npmjs.com/package/hexo-admin Module...
CVE-2018-10948
The vulnerability CVE-2018-10948 affects Synacor Zimbra Collaboration Suite’s Admin UI (Zimbra Admin UI) in versions before 8.8.0 beta 2, where a Persistent XSS exists via mail addrs. The connected Red Hat/NVD entries confirm the issue is a stored XSS in the Admin UI affected component, but the a...
CVE-2019-12139
An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4...
Cross site scripting
An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4...