1114 matches found
CVE-2019-15229
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2017-16821
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid...
CVE-2009-1082
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and...
Security Update for Trend Micro Trend Vision One (April 2025)
Overview: Trend Micro Incorporated has released the security update for the administration console of Trend Vision One. This update addressed the following vulnerabilities: CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285, CVE-2025-31286. Trend Micro Incorporated reported these...
CVE-2024-50960
A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 =3.01, SMP 351 =2.16, SMP 352 = 2.16, and SME 211 = 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system...
Keycloak allows cross-site scripting (XSS)
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack...
GHSA-Q4XQ-445G-G6CH Keycloak allows cross-site scripting (XSS)
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack...
CVE-2024-4028
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack...
CVE-2024-4028
CVE-2024-4028 affects Keycloak. The issue allows a privileged attacker to supply a malicious payload as a permission during admin-console item (Resource/Permissions) creation, resulting in stored XSS. Description and related entries consistently describe this XSS path; exploitation details are no...
CVE-2024-4028 Keycloak-core: stored xss in keycloak when creating a items in admin console
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack...
PT-2025-6673 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: KeyCloak (affected versions not specified). Description: An issue was found in KeyCloak that may allow a privileged attacker to use a malicious payload as the permission while creating items from the admin console, leading to a stored cross-site...
CVE-2024-47908
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
EUVD-2025-4980
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
PT-2025-6241 · Ivanti · Ivanti Csa
Name of the Vulnerable Software and Affected Versions: Ivanti CSA versions prior to 5.0.5. Description: The issue allows a remote authenticated attacker with admin privileges to achieve remote code execution through OS command injection in the admin web console. Recommendations: For Ivanti CSA...
CVE-2022-45461
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users that have been explicitly added to the auth.conf file to execute arbitrary commands as root...
CVE-2024-11773
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...
CVE-2024-11772
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-45073)
Summary: IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and is vulnerable to cross-site scripting in the Admin Console. Required fixes for affected WebSphere Application Server have been published in the security bulletin links below. Vulnerability...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)
Summary: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity Injection (XXE) vulnerability in the administrative console. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected...