1114 matches found

ATTACKERKB
added 2023/05/26 12:0 a.m., 1253 views

CVE-2023-32315

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

CVSS: 8.6, AI score: 8.1, EPSS: 0.94441
In wild, Exploits: 19, References: 5

CNNVD
added 2023/05/26 12:0 a.m., 3 views

Ignite Realtime Openfire path traversal vulnerability

Ignite Realtime Openfire is a cross-platform, open source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build an efficient instant messaging server, and supports tens of thousand...

CVSS: 8.6, AI score: 8, EPSS: 0.94441
Exploits: 14, References: 4

OSV
added 2023/05/23 7:54 p.m., 45 views

GHSA-GW42-F939-FHVM Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact: Openfire's administrative console (the Admin Console), a web-based application, was found to be...

CVSS: 8.6, AI score: 7.9, EPSS: 0.94441
Exploits: 14, References: 11

BDU FSTEC
added 2023/05/17 12:0 a.m., 1 view

The vulnerability of the administrator consoles of microprogrammed software for wireless signal amplifiers from D-Link’s DCH-M225 allows an intruder to execute arbitrary commands.

The vulnerability of the administrator consoles of microprogrammed software for D-Link DCH-M225 wireless signal amplifiers is related to the lack of measures taken to neutralize special elements used in the operating system’s command processing when handling the “media renderer” parameter in the...

CVSS: 9, AI score: 7.5, EPSS: 0.00805
Exploits: 0, References: 3, Affected Software: 1

IBM Security Bulletins
added 2023/05/08 6:25 p.m., 52 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)

Summary: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. This has been addressed in the remediation section below. Vulnerability Details: CVEID: CVE-2023-24966 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00149
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2023/04/27 5:54 p.m., 27 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2023-26283)

Summary: WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed...

CVSS: 5.4, AI score: 5.1, EPSS: 0.00162
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2023/04/26 8:25 p.m., 10 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-24966)

Summary: IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00149
Exploits: 0, Affected Software: 11

IBM Security Bulletins
added 2023/04/26 5:13 p.m., 33 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)

Summary: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00149
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2023/04/26 5:10 p.m., 15 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)

Summary: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...

CVSS: 6.1, AI score: 6, EPSS: 0.00149
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2023/04/12 11:31 a.m., 21 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console - CVE-2023-26283

Summary: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. An attacker can manipulate the admin console help link to execute JavaScript. The following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack; it has been addressed in this...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00162
Exploits: 0, Affected Software: 1

NVD
added 2023/04/03 10:15 p.m., 10 views

CVE-2023-24724

A stored cross-site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). F...

CVSS: 5.4, AI score: 5.2, EPSS: 0.008
Exploits: 0, References: 3

Prion
added 2023/04/03 10:15 p.m., 15 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). F...

CVSS: 4.9, AI score: 5.2, EPSS: 0.008
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2023/04/03 12:0 a.m., 4 views

SAS Admin Console cross-site scripting vulnerability

SAS Institute SAS Admin Console is an advanced analytics and business intelligence platform from SAS Institute, Inc. A security vulnerability exists in SAS Admin Console version 9.4, which stems from insufficient validation and sanitization of data entered into the user creation and editing form fields...

CVSS: 5.4, AI score: 5.7, EPSS: 0.008
Exploits: 0, References: 4

CVE
added 2023/04/03 12:0 a.m., 41 views

CVE-2023-24724

A stored XSS vulnerability was identified in the SAS Admin Console (SAS Web Administration interface, SASAdmin). The issue resides in the user management module, arising from insufficient validation and sanitization of data entered in the user creation and editing forms. Affected product releases...

CVSS: 5.4, AI score: 5.2, EPSS: 0.008
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2023/04/03 12:0 a.m., 7 views

CVE-2023-24724

A stored cross-site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). F...

AI score: 5.5, EPSS: 0.008
Exploits: 0, References: 3

IBM Security Bulletins
added 2023/03/31 3:37 a.m., 40 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2023-26283)

Summary: WebSphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS: 5.4, AI score: 5.1, EPSS: 0.00162
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2023/03/30 5:25 p.m., 18 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283)

Summary: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...

CVSS: 5.4, AI score: 5.1, EPSS: 0.00162
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2023/03/30 5:24 p.m., 42 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283)

Summary: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...

CVSS: 5.4, AI score: 5.1, EPSS: 0.00162
Exploits: 0, Affected Software: 1

OSV
added 2023/03/15 6:15 p.m., 3 views

CVE-2023-26284

IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00509
Exploits: 0, References: 2

GitHub Security Blog
added 2023/03/01 4:18 p.m., 37 views

Keycloak vulnerable to Cross-site Scripting

A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a cross-site scripting (XSS) vulnerability. Details: This issue is the result of code found in the exception here:...

CVSS: 6.4, EPSS: 0.00166
Exploits: 0, References: 11, Affected Software: 1