1114 matches found
CVE-2021-28567
The CVE-2021-28567 entry concerns Magento Commerce/Open Source with an Improper Authorization flaw in the customers module. Affected versions include Magento 2.4.2 and earlier, 2.4.1-p1 and earlier, and 2.3.6-p1 and earlier. The vulnerability allows a low-privileged user to modify customer data, ...
A vulnerability in the Admin Console of Oracle WebLogic Server allows attackers to perform cross-site scripting attacks.
The vulnerability in the Admin Console of Oracle WebLogic Server stems from a failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2021-35450
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute...
SQL injection
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute...
CVE-2021-35450
CVE-2021-35450 concerns a Server Side Template Injection in the Entando Admin Console, affecting version 6.3.9 and earlier. The flaw allows a user with privileges to trigger FreeMarker template execution via freemarker.template.utility.Execute, potentially enabling command execution. According to...
Entando Admin Console injection vulnerability
entando-admin-console is a software application. This project generates an older version of the Entando Admin Console and its required services. A security vulnerability exists in Entando Admin Console 6.3.9 that allows a privileged user to execute a FreeMarker template via the FreeMarker...
CVE-2020-10590
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port 8800 on the Replicated Classic server could retrieve the TLS Keypair Cert and Key used to configure...
Replicated information disclosure vulnerability
Replicated is management software from Replicated, Inc. of the United States. It provides software vendors with a container-based platform for rapidly deploying cloud-native applications in customer environments, offering greater security and control. A security vulnerability exists in...
wildfly: XSS via admin console when creating roles in domain mode
A flaw was found in WildFly. While creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to a cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality and integrity...
CVE-2021-31222
SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed...
CVE-2021-31221
The vulnerability CVE-2021-31221 affects Stormshield SES Evolution prior to version 2.1.0. The affected component is the SES Evolution security policy handling, where an attacker with access to a workstation running the administration console can delete parts of the security policy due to a likely au...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 8 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 6 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...