97 matches found
CVE-2024-34105
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...
CVE-2024-34105 Stored Cross Site Scripting in Order Comment
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...
CVE-2024-34105 Stored Cross Site Scripting in Order Comment
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...
CVE-2024-34105
CVE-2024-34105 concerns Adobe Commerce/Magento Open Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. The issue is a stored Cross-Site Scripting (XSS) in order form fields that an admin attacker can abuse to inject malicious scripts, which may execute in a victim’s browser when loa...
Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse...
GHSA-264G-F7V8-Q5QQ Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse...
CVE-2023-7074 WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF
The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-4589
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital...
Information Disclosure
flaskappbuilder is vulnerable to Information Disclosure. The vulnerability exists in the crud operator functions in interface.py due to log messages which are not properly sanitized during database errors, allowing an admin authenticated attacker to gain access to sensitive user information such ...
Directory traversal
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable...
CVE-2023-23692
Dell EMC prior to version DDOS 7.9 contains an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable...
CVE-2022-39057
RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service...
PT-2022-5136 · Dell · Dell Wyse Thinos
Name of the Vulnerable Software and Affected Versions: Dell Wyse ThinOS version 2205 Description: The issue is related to the use of a regular expression with inefficient computational complexity in the UI of Dell Wyse ThinOS. This could allow a remote attacker to cause a denial-of-service. An...
CVE-2022-22125
In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server...
CVE-2022-22125
In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server...
Cross site scripting
In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server...
CVE-2019-19894
In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker non-admin can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP...