Lucene search: 1734 matches found

OSV, added 2021/07/09 7:15 p.m.

CVE-2021-22129

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically...

CVSS 8.8, AI score 6.2, EPSS 0.00452
Exploits 0, References 1
Cvelist, added 2021/07/09 6:26 p.m.

CVE-2021-22129

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically...

CVSS 8.8, AI score 9.1, EPSS 0.00452
Exploits 0, References 1
OSV, added 2021/07/07 3:15 p.m.

CVE-2021-31925

Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface...

CVSS 7.5, AI score 5.8, EPSS 0.00361
Exploits 0, References 2
CNNVD, added 2021/07/07 12:00 a.m.

Cisco Virtualized Voice Browser cross-site scripting vulnerability

Cisco Virtualized Voice Browser is a virtualized voice browser application from Cisco, Inc. It suffers from a cross-site scripting vulnerability that originates from the web administrative interface not properly validating user-supplied input. An attacker could...

CVSS 6.1, AI score 5.8, EPSS 0.00438
Exploits 0, References 5
CNNVD, added 2021/06/28 12:00 a.m.

RabbitMQ cross-site scripting vulnerability

Pivotal Software RabbitMQ is a suite of open source message broker software from Pivotal Software, USA, that implements the Advanced Message Queuing Protocol (AMQP). A cross-site scripting vulnerability exists in RabbitMQ versions prior to 3.8.17, which stems from a cross-site scripting vulnerabili...

CVSS 5.4, AI score 5.1, EPSS 0.00117
Exploits 1, References 9
NVD, added 2021/06/21 7:15 p.m.

CVE-2021-21422

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than the supported size, clicking on a row will show the full document unescaped, howev...

CVSS 8.1, EPSS 0.01294
Exploits 1, References 3
OSV, added 2021/06/21 7:15 p.m.

CVE-2021-21422

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than the supported size, clicking on a row will show the full document unescaped, howev...

CVSS 6.1, AI score 6.5
Exploits 0, References 3
CVE, added 2021/06/21 6:45 p.m.

CVE-2021-21422

Summary: CVE-2021-21422 affects mongo-express, a Node.js/Express-based MongoDB admin UI. The issue stems from two XSS vectors: (1) when a cell’s content exceeds the supported size, clicking a row reveals the full document unescaped (requires admin interaction); (2) media-like data cells render as...

CVSS 8.1, AI score 6.3, EPSS 0.01294
Exploits 1, References 3, Affected software 1
OpenVAS, added 2021/06/11 12:00 a.m.

Lucee Detection (HTTP)

HTTP based detection of Lucee. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.146114"); ...

AI score 7.4
Exploits 0
OSV, added 2021/05/27 12:15 p.m.

CVE-2021-22900

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could allow an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface...

CVSS 7.2, AI score 7.4, EPSS 0.02558
Exploits 0, References 2
Cvelist, added 2021/05/24 10:33 p.m.

CVE-2021-33561

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customername in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when informati...

AI score 5.2, EPSS 0.00715
Exploits 2, References 3
Positive Technologies, added 2021/05/03 12:00 a.m.

PT-2021-4945 · Ivanti · Ivanti Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Ivanti Pulse Connect Secure versions prior to 9.1R11.4 Description: The issue is related to an unrestricted file upload in the administrator web interface of Pulse Connect Secure. This could allow an authenticated administrator to perform a...

CVSS 7.2, AI score 8, EPSS 0.02558
Exploits 0, References 4
OSV, added 2021/04/20 2:02 p.m.

GHSA-WQ5H-F9P5-Q7FX Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields

Impact When saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with javascript: URLs...

CVSS 8.4, AI score 5.8, EPSS 0.00274
Exploits 0, References 8
Github Security Blog, added 2021/04/20 2:02 p.m.

Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields

Impact When saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with javascript: URLs...

CVSS 6.1, AI score 5.4, EPSS 0.00274
Exploits 0, References 8, Affected software 1
Veracode, added 2021/04/20 4:10 a.m.

Cross-site Scripting (XSS)

Wagtail is vulnerable to cross-site scripting. The lack of a proper check for a valid URL allows a malicious user with access to the admin interface to send a malicious POST request to publish content with javascript: URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary sit...

CVSS 6.1, AI score 2, EPSS 0.00274
Exploits 0, References 6, Affected software 1
VulnCheck KEV, added 2021/04/20 12:00 a.m.

VulnCheck KEV: CVE-2020-8243

Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution...

CVSS 7.2, AI score 7.4, EPSS 0.20545
Exploits 0, References 1
NVD, added 2021/04/19 7:15 p.m.

CVE-2021-29434

Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...

CVSS 6.1, EPSS 0.00274
Exploits 0, References 2
OSV, added 2021/04/19 7:15 p.m.

CVE-2021-29434

Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...

CVSS 4.8, AI score 6.8
Exploits 0, References 2
OSV, added 2021/04/19 7:15 p.m.

PYSEC-2021-114

Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...

CVSS 6.1, AI score 1.5, EPSS 0.00274
Exploits 0, References 2
Prion, added 2021/04/19 7:15 p.m.

Code injection

Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...

CVSS 3.5, AI score 5.2, EPSS 0.00274
Exploits 0, References 2, Affected software 1
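The Wagtail entries above (CVE-2021-29434, GHSA-WQ5H-F9P5-Q7FX, PYSEC-2021-114) all describe the same gap: the admin interface trusted the link URLs inside a submitted rich text field, so an editor-level account could POST content whose links used javascript: and have it published. The following is an added example, written for this page and not Wagtail's own code or fix, of the server-side check that closes that gap: a scheme allowlist applied to every href after normalising the value the way a browser does before it reads the scheme (HTML entities decoded, tab/CR/LF removed, leading control characters and spaces stripped, case folded). It uses only the Python standard library; ALLOWED_SCHEMES, is_safe_href and sanitise_rich_text are names chosen here, and the HTML fragment in the main block is constructed for the demonstration.

```python
import html
import re
import unicodedata
from html.parser import HTMLParser

# Allowlist chosen for this example: schemes a rich-text link may use.
# Anything not listed (javascript:, data:, vbscript:, file:, ...) is rejected.
ALLOWED_SCHEMES = {"http", "https", "mailto", "tel"}

# Browsers drop tab, LF and CR anywhere in a URL, and leading C0 controls and
# space, before they decide what the scheme is; mirror that before checking.
_STRIPPED_ANYWHERE = str.maketrans("", "", "\t\n\r")
_LEADING_JUNK = "".join(chr(c) for c in range(0x21))
_SCHEME_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")


def is_safe_href(href):
    """Return True if href is relative or uses an allowlisted scheme.

    Obfuscated forms such as 'JaVaScRiPt:', ' javascript:', 'java\\tscript:'
    and 'javascript&#58;' are normalised first so they are recognised and
    rejected. NFKC folding of fullwidth letters is deliberately conservative:
    it rejects more than a browser would, never less.
    """
    candidate = html.unescape(href)
    candidate = unicodedata.normalize("NFKC", candidate)
    candidate = candidate.translate(_STRIPPED_ANYWHERE).lstrip(_LEADING_JUNK)
    match = _SCHEME_RE.match(candidate)
    if match is None:
        # Relative path, fragment or protocol-relative URL: no scheme to abuse.
        return True
    return match.group(1).lower() in ALLOWED_SCHEMES


class _LinkSanitiser(HTMLParser):
    """Re-serialise an HTML fragment, dropping href attributes that fail is_safe_href."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self.dropped = []

    def handle_starttag(self, tag, attrs):
        pieces = [tag]
        for name, value in attrs:
            if tag == "a" and name == "href" and not is_safe_href(value or ""):
                self.dropped.append(value)
                continue  # the link text survives, the dangerous target does not
            if value is None:
                pieces.append(name)
            else:
                pieces.append('%s="%s"' % (name, html.escape(value, quote=True)))
        self.parts.append("<" + " ".join(pieces) + ">")

    def handle_endtag(self, tag):
        self.parts.append("</%s>" % tag)

    def handle_data(self, data):
        # convert_charrefs=True hands us decoded text, so re-escape it on output.
        self.parts.append(html.escape(data, quote=False))


def sanitise_rich_text(fragment):
    """Return (clean_html, dropped_hrefs) for a rich-text fragment submitted to the server."""
    parser = _LinkSanitiser()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.parts), parser.dropped


if __name__ == "__main__":
    # Constructed sample: what a POST from a malicious editor account might carry.
    submitted = ('<p>Read the <a href="https://example.org/docs">docs</a> or '
                 '<a href="JaVaScRiPt:alert(document.cookie)" class="btn">click here</a></p>')
    clean, dropped = sanitise_rich_text(submitted)
    print(clean)
    print("dropped:", dropped)
```

The check runs on the server at save time, which is the point the advisories make: client-side validation in the editor UI does nothing against a hand-crafted POST. Protocol-relative links (`//host/path`) pass because they resolve to http or https; tighten ALLOWED_SCHEMES or add a host check if that is not wanted.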