PT-2024-11574 · Nuki Home Solutions · Nuki Bridge
Name of the Vulnerable Software and Affected Versions: Nuki Bridge versions 1.0.0 through 1.21.0; Nuki Bridge versions 2.0.0 through 2.13.1. Description: An issue was discovered on certain Nuki Home Solutions devices, where the HTTP API exposed by a Bridge used an unencrypted channel to provide an...
CVE-2024-3192
A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation as part of Mail Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...
CVE-2024-3192 MailCleaner Admin Interface cross site scripting
A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation as part of Mail Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...
CVE-2024-3192
MailCleaner up to 2023.03.14 is affected by a cross-site scripting vulnerability in the Admin Interface. The issue arises from manipulation within the Mail Message, enabling remote exploitation. Public exploit is available and a patch is recommended to fix the issue. The CVE entry includes multip...
CVE-2024-3255
A vulnerability, which was classified as critical, was found in SourceCodester Internship Portal Management System 1.0. Affected is an unknown function of the file admin/editadminquery.php. The manipulation of the argument username/password/name/adminid leads to sql injection. It is possible to...
Progress Flowmon Operating System Command Injection Vulnerability
Progress Flowmon is a real-time network traffic monitoring tool from Progress. A security vulnerability in Progress Flowmon version 11.x prior to 11.1.14 and version 12.x prior to 12.3.5 stems from an operating system command injection vulnerability that could allow an unauthenticated user to...
CVE-2024-2766
A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely...
CVE-2024-2683
A vulnerability classified as problematic was found in Campcodes Online Job Finder System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/company/index.php. The manipulation of the argument view leads to cross site scripting. The attack can be launched remotely...
PT-2024-2347 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10U version 15.03.06.49. Description: The issue is related to a stack-based buffer overflow in the Tenda AC10U router's firmware, specifically affecting the function formSetFirewallCfg /goform/SetFirewallCfg and formSetDeviceName of th...
BIT-COUCHDB-2021-38295 Privilege escalation vulnerability when using HTML attachments
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
Cross-site Scripting (XSS)
Overview: sidekiq-unique-jobs is a package containing unique jobs that were removed from sidekiq. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via filter functions. An attacker can obtain sensitive information from the application using this package, including...
PT-2024-21340 · Aruba · Clearpass Policy Manager
Name of the Vulnerable Software and Affected Versions: ClearPass Policy Manager (affected versions not specified). Description: A vulnerability in the web-based management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an...
ClearPass Policy Manager Security Vulnerability
Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability exists in Aruba Networks ClearPass Policy Manager that originates in the web-based administration interface that allows an...
Cross site scripting
In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user-supplied inputs on the WSFTP Server administrative interface...
PT-2024-18078 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8.5. Description: Reflected cross-site scripting issues have been identified on various user-supplied inputs on the WS FTP Server administrative interface. Recommendations: For WS FTP Server versions prior to...
Cross-site Scripting (XSS)
Overview: magento/project-community-edition is an eCommerce Platform for Growth (Community Edition). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the admin interface. An attacker with administrative privileges can inject malicious scripts into every admin page,...
Cross-site Scripting (XSS)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the admin interface. An attacker with administrative privileges can inject malicious scripts into every admin page, which may be executed i...
Cross-site Scripting (XSS)
Overview: sidekiq-unique-jobs is a package containing unique jobs that were removed from sidekiq. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via specially crafted GET request parameters handled by any of the following endpoints of the "admin" web UI: /changelogs,...