9 matches found
EUVD-2023-0338
Malicious code in bioql PyPI...
CVE-2023-22732 Insufficient Session Expiration in Administration in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue.js. The Administration session expiration was set to one week; when an attacker has stolen the session cookie, they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administratio...
CVE-2023-22732
Shopware administration session expiration was set to one week, enabling reuse of a stolen session cookie. The issue is documented across multiple sources (CVE-2023-22732) and is mitigated by updating to version 6.4.18.1, which adds automatic logout after inactivity. The vulnerability affects the...
Juniper Junos OS Vulnerability (JSA11238)
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web...
Cross site scripting
A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...
CVE-2019-0023 Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu
A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow an authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative...
Cross site scripting
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...
Cisco Online Help System Cross-Site Scripting Vulnerability
Multiple Cisco products contain a vulnerability in the Online Help System that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability exists because the search feature of the web-based Online Help System interface fails to sufficiently filter...
CVE-2006-3226
Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management...