11 matches found
CVE-2023-6098
An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...
Cross site scripting
An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...
CVE-2023-6098 Cross-site Scripting on ICSSolution ICS Business Manager
An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...
CVE-2023-6098 Cross-site Scripting on ICSSolution ICS Business Manager
An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...
CVE-2023-6098
CVE-2023-6098 relates to an XSS vulnerability in ICS Business Manager, version 7.06.0028.7066. The flaw affects the obdd_act/obdd act parameter, enabling a remote attacker to steal an authenticated user’s session and perform actions within the application. Technical details across sources confirm...
Cross site request forgery (csrf)
Cross-site request forgery is facilitated by OpenCATS' failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes JavaScript in an authenticated user's session when visited...
Information disclosure
An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated user's session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to...
Cross site request forgery (csrf)
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link...
CVE-2019-17653
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link...
CVE-2019-3604
Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO legacy Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO legacy Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors...