1114 matches found
PT-2024-13068 · Clarisa · Filemaker Server
Name of the Vulnerable Software and Affected Versions: FileMaker Server versions prior to 20.3.1 Description: The issue potentially exposed password information to front-end websites when signed in to the Admin Console with an administrator role. This was resolved by eliminating the send of Admin...
CVE-2022-4966
A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to...
CVE-2022-4966 sequentech admin-console Election Description cross site scripting
A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to...
CVE-2022-4966
CVE-2022-4966 affects sequentech admin-console up to version 6.1.7, impacting the Election Description Handler component. The issue enables cross-site scripting and can be exploited remotely. A fix is available in version 7.0.0-beta.1 (patch 0043a6b1e6e0f5abc9557e73f9ffc524fc5d609d); upgrading th...
admin-console cross-site scripting vulnerability
admin-console is a Sequent open source Agora core view management interface. A cross-site scripting vulnerability exists in admin-console version 6.1.7 and earlier. An attacker could exploit this vulnerability to perform a cross-site scripting attack...
PT-2024-11904 · Sequentech · Sequentech Admin-Console
Name of the Vulnerable Software and Affected Versions: sequentech admin-console versions up to 6.1.7 Description: A vulnerability was found in the Election Description Handler component of sequentech admin-console, which can be exploited to lead to cross site scripting. The attack may be launched...
Service Continuity doesn't work on CWA ChromeOS version 2312 or older
Service Continuity doesn’t work when using Citrix Workspace App for ChromeOS version 2312 or older. The Service Continuity banner doesn’t show up in case of Cloud outages on Citrix Workspace App for Chrome OS. This occurs even when Service Continuity is enabled via Google Admin Console for the...
CVE-2023-42954
A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests...
CVE-2023-42954
CVE-2023-42954 describes a privilege-escalation vulnerability in FileMaker Server prior to 20.3.1. When signed in to the Admin Console with an administrator role, an attacker could potentially access more sensitive information via front-end websites. The issue is mitigated by the 20.3.1 update, w...
CVE-2023-41877
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...
GHSA-8G7V-VJRC-X4G5 GeoServer log file path traversal vulnerability
Impact: This vulnerability requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...
CVE-2023-41877 GeoServer log file path traversal vulnerability
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...
PT-2024-13006 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.23.4 and prior Description: A path traversal vulnerability requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin...
BIT-WILDFLY-2021-3536
A flaw was found in Wildfly in versions before 23.0.2.Final. While creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity...
BIT-MAGENTO-2021-21014 Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution
Magento versions 2.4.1 and earlier, 2.4.0 and earlier and 2.3.6 and earlier are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...
BIT-MAGENTO-2021-21015 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
Magento versions 2.4.1 and earlier, 2.4.0 and earlier and 2.3.6 and earlier are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required fo...