PT-2021-2185 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier; Magento versions 2.4.0-p1 and earlier; Magento versions 2.3.6 and earlier. Description: The issue is related to XML injection in the Widgets module of Magento. Successful exploitation could lead to arbitrary...
UBUNTU-CVE-2020-13947
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0...
PT-2021-9682 · Apache · Apache Activemq
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions 5.15.12 through 5.16.0 Description: A cross-site scripting issue was found in the web-based administration console, specifically on the message.jsp page. Recommendations: For Apache ActiveMQ versions 5.15.12 through...
The vulnerability of Oracle iPlanet web server, which exists due to the failure to take measures to eliminate special elements, allows attackers to inject images into the administration console.
The vulnerability of Oracle iPlanet web servers exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to inject images into the administration console through the productNameSrc parameter in the URI admingui...
Fork CMS Authorization Issues Vulnerability
Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. A security vulnerability exists in the Admin console in Fork CMS version 5.8.3, which stems from a lack of authentication measures or...
CVE-2020-23960
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allow remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allow remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the...
CVE-2020-23960
CVE-2020-23960 is documented across multiple connected records as a set of multiple CSRF vulnerabilities in the ForkCMS Admin Console prior to version 5.8.3. The issues allow remote attackers to perform unauthorized administrator actions such as approving large user comment queues, restoring dele...
Fork CMS Cross-Site Request Forgery Vulnerability
Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. A security vulnerability exists in the Admin console in Fork CMS version 5.8.3, which stems from a lack of authentication measures or...
Hyland Enterprise Search 11.2.2 Cross Site Scripting
The admin console's event viewer displays logged event data inside of tags. An attack string like "alert'hi'" in any place across Enterprise Search that will cause an error, like instead of a number or for the username on the login page or through the new Federated Authentication, will then be...
SolarWinds N-Central Trust Management Issue Vulnerability
SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...
CVE-2020-15259
ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to th...
Security Bulletin: WebSphere Application Server Admin Console is vulnerable to a directory traversal vulnerability (CVE-2020-4782)
Summary WebSphere Application Server Admin Console is vulnerable to a directory traversal vulnerability. This has been addressed. Vulnerability Details CVEID: CVE-2020-4782 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to traverse directories on the system. An attack...
IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.11 XSS (CVE-2019-4030)
The IBM WebSphere Application Server running on the remote host is version 8.5.0.x prior to 8.5.5.15 or 9.0.0.x prior to 9.0.0.11. It is, therefore, affected by a cross-site scripting vulnerability in the Admin Console due to improper input validation. An authenticated, remote attacker can exploi...
IBM WebSphere Application Server 8.5.x < 8.5.5.16 / 9.0.x < 9.0.5.0 XSS (CVE-2019-4271)
The IBM WebSphere Application Server running on the remote host is version 8.5.0.x prior to 8.5.5.16 or 9.0.x prior to 9.0.5.0. It is, therefore, affected by a cross-site scripting vulnerability in the WebSphere Application Server Admin Console due to improper validation of user-supplied input...
keycloak: security headers missing on REST endpoints
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
CVE-2020-4703
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188...