CVE-2024-20512
CVE-2024-20512 concerns Cisco Unified Contact Center Management Portal (Unified CCMP). The vulnerability is a reflected cross-site scripting (XSS) flaw in the web-based management interface caused by improper validation of user input. An unauthenticated, remote attacker can lure a user to click a...
CVE-2024-20460 Cisco ATA 190 Series Analog Telephone Adapter Firmware Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input...
CVE-2024-6380
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-6380 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-6380
CVE-2024-6380 is a reflected XSS vulnerability affecting ENOVIA Collaborative Industry Innovator (3DEXPERIENCE R2022x through R2024x). Connected sources confirm the issue targets the product/component (ENOVIA/Collaborative Industry Innovator) via reflective XSS, enabling arbitrary script executio...
CVE-2024-20475
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based...
CVE-2024-7736
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-7737
CVE-2024-7737 is a stored XSS vulnerability in 3DSwym (3DSwymer) affecting 3DEXPERIENCE R2022x through R2024x. The issue stems from storing/scriptable input that can execute arbitrary script code in a user’s browser session, enabling an attacker to perform actions or exfiltrate data within an aut...
CVE-2024-7736
The CVE-2024-7736 entry affects ENOVIA Collaborative Industry Innovator (3DEXPERIENCE R2022x through R2024x). The issue is a reflected Cross-site Scripting (XSS) vulnerability exploiting a JavaScript/script rendering pathway in the browser, enabling arbitrary script execution in a user session. T...
Security Updates for Microsoft Dynamics 365 (on-premises) (September 2024)
The Microsoft Dynamics 365 (on-premises) is missing security updates. It is, therefore, affected by a cross-site scripting (XSS) vulnerability. The vulnerability exists due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, ...
CVE-2024-7938
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-7939
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-8004
CVE-2024-8004 describes a stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator spanning releases from 3DEXPERIENCE R2022x to R2024x. The issue allows an attacker to execute arbitrary script in a user’s browser session when malicious input is stored and rende...
CVE-2024-7939
CVE-2024-7939 describes a stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Dassault Systèmes 3DEXPERIENCE Release R2024x. The connected sources identify the affected component as 3DSwym/3DSwymer within the R2024x release and confirm the vulnerability type as stored ...
CVE-2024-7938
CVE-2024-7938 is a stored XSS in 3DSwymer’s 3DDashboard affecting 3DEXPERIENCE R2023x through R2024x. The vulnerability stems from insecure handling of input in the dashboard, enabling arbitrary script execution in a user’s browser session. The PT-2024-38703 advisory explicitly lists the affected...
CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-20488 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o...
CVE-2024-6378
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...