CVE-2019-12139
An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4...
CVE-2019-12139
CVE-2019-12139 describes a cross-site scripting (XSS) vulnerability in the Admin UI of eZ Platform 2.x. Affected components include ezplatform-admin-ui (1.3.x before 1.3.5; 1.4.x before 1.4.4) and ezplatform-page-builder (1.1.x before 1.1.5; 1.2.x before 1.2.4). The issue is caused by improper es...
eZ Platform Admin UI Cross-Site Scripting Vulnerability
eZ Platform is an open source enterprise content management system (CMS). The Admin UI is one of its back-end management interfaces. A cross-site scripting vulnerability exists in the Admin UI in eZ Platform version 2.x, which can be exploited by an attacker to execute client-side code...
EZSA-2019-001 XSS in Admin UI
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-001-xss-in-admin-ui...
Cross-site Scripting (XSS)
github.com/fabiolb/fabio is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because the values of path and val in admin/ui/manual.go are not sanitized and can be used to inject arbitrary JavaScript into a victim's browser...
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username...
KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vulnerability
KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated CSV injection vulnerability in admin/server/api/download.js and lib/list/getCSVData.js. Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection; Vendor Homepage: http://keystonejs.com/; Exploit Author: Ishaq Mohammed; Contac...
ForgeRock OpenIDM Admin UI Cross-Site Scripting Vulnerability (CNVD-2017-30829)
ForgeRock OpenIDM is an extensible set of identity management tools for managing identity lifecycle and provisioning issues. A cross-site scripting vulnerability in the ForgeRock OpenIDM Admin UI allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which c...
CVE-2017-7591
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the sortKeys parameter to the authzRoles script under managed/user/...
Cross site scripting
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name...
Cross site scripting
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the sortKeys parameter to the authzRoles script under managed/user/...
CVE-2017-7590
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name...
CVE-2017-7591
OpenIDM versions 4.0.0 and 4.5.0 are affected by a reflected cross-site scripting (XSS) vulnerability in the Admin UI, reachable via the _sortKeys parameter to the authzRoles script under managed/user/. The root cause is a reflected XSS in the Admin UI input handling, enabling an attacker-suppli...
CVE-2017-7590
ForgeRock OpenIDM Admin UI (versions 4.0.0 and 4.5.0) is vulnerable to persistent cross-site scripting (XSS) via a crafted Managed Object Name, allowing script injection in the Admin UI. This label is supported by multiple sources (NVD/CVE-2017-7590 description; CNVD-2017-30828; OSV/PRION entries...
CVE-2016-0733
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username...
CVE-2016-0733
The CVE covers Apache Ranger’s Admin UI prior to 0.5.1, where authentication requests lacking a password are mishandled. The root cause is improper handling of credentials in the Admin UI authentication logic, allowing remote attackers to bypass login by leveraging a known valid username. Reporte...