493 matches found

NVD
added 2022/05/06 5:15 p.m., 17 views

CVE-2022-26889

In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page e.g., HTML Injection, XSS or bypass SPL safeguards for risky commands. The attack...

CVSS 8.8, EPSS 0.00141
Exploits: 0, References: 2

Prion
added 2022/05/06 5:15 p.m., 10 views

Path traversal

In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page e.g., HTML Injection, XSS or bypass SPL safeguards for risky commands. The attack...

CVSS 5.1, AI score 8.6, EPSS 0.00141
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/05/06 4:37 p.m., 13 views

CVE-2022-26889 Path Traversal in search parameter results in external content injection

In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page e.g., HTML Injection, XSS or bypass SPL safeguards for risky commands. The attack...

CVSS 8.8, AI score 8.8, EPSS 0.00141
Exploits: 0, References: 2

Prion
added 2022/05/03 4:15 a.m., 13 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management...

CVSS 4.3, AI score 6.2, EPSS 0.00208
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2022/05/03 3:16 a.m., 11 views

CVE-2022-20740 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management...

CVSS 6.1, AI score 6.3, EPSS 0.00208
Exploits: 0, References: 1

ThreatPost
added 2022/05/02 12:41 p.m., 21 views

Bad Actors Are Maximizing Remote Everything

The rise of remote work and learning opened new opportunities for many people – as we’ve seen by the number of people who have moved to new places or adapted to “workcations.” Cybercriminals are taking advantage of the same opportunities – just in a different way. Evaluating the prevalence of...

AI score 8
Exploits: 0, References: 2

CNVD
added 2022/04/22 12:0 a.m., 17 views

Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2022-33103)

Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. Cisco Webex Meetings suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code or acces...

CVSS 6.1, AI score 6.4, EPSS 0.00139
Exploits: 0, References: 1

CNVD
added 2022/03/04 12:0 a.m., 25 views

Elasticsearch Kibana Cross-Site Scripting Vulnerability (CNVD-2022-23464)

A cross-site scripting vulnerability exists in Elasticsearch Kibana, an open source, browser-based analysis and search Elasticsearch dashboard tool from Elasticsearch Netherlands, which stems from a lack of filtering and escaping of user data in the data preview pane. An attacker could exploit th...

CVSS 6.1, AI score 2.2, EPSS 0.00316
Exploits: 0, References: 1

NVD
added 2022/02/11 6:15 p.m., 9 views

CVE-2021-4046

The mtxtNom and mtxtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data...

CVSS 5.4, EPSS 0.00206
Exploits: 0, References: 1

CNVD
added 2022/01/21 12:0 a.m., 14 views

Cisco Security Manager Cross-Site Scripting Vulnerability (CNVD-2022-06378)

Cisco Security Manager CSM is a set of enterprise-class management applications from Cisco, which are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices. A cross-site scripting vulnerability exists in Cisco Security Manager, which stem...

CVSS 6.1, AI score 1.4, EPSS 0.00153
Exploits: 0, References: 1

CNVD
added 2022/01/18 12:0 a.m., 20 views

Cisco Security Manager Cross-Site Scripting Vulnerability (CNVD-2022-04813)

Cisco Security Manager CSM is a set of enterprise-class management applications from Cisco, which is mainly used to configure firewall, VPN and intrusion protection security services on Cisco networks and security devices. A cross-site scripting vulnerability exists in Cisco Security Manager, whic...

CVSS 6.1, AI score 3.4, EPSS 0.00173
Exploits: 0, References: 1

CNVD
added 2022/01/18 12:0 a.m., 16 views

Cisco Security Manager Cross-Site Scripting Vulnerability (CNVD-2022-04814)

Cisco Security Manager CSM is a set of enterprise-class management applications from Cisco, which is mainly used to configure firewall, VPN and intrusion protection security services on Cisco networks and security devices. A cross-site scripting vulnerability exists in Cisco Security Manager, whic...

CVSS 6.1, AI score 3.4, EPSS 0.00173
Exploits: 0, References: 1

CNVD
added 2022/01/18 12:0 a.m., 17 views

Cisco Security Manager Cross-Site Scripting Vulnerability

Cisco Security Manager CSM is a set of enterprise-level management applications from Cisco, which are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices. A cross-site scripting vulnerability exists in Cisco Security Manager, which stem...

CVSS 6.1, AI score 3.3, EPSS 0.00173
Exploits: 0, References: 1

CNNVD
added 2022/01/17 12:0 a.m., 3 views

ICEcoder Cross-Site Scripting Vulnerability

ICEcoder is a browser-based code editor that provides a modern approach to building websites by allowing you to write code directly in your web browser. A cross-site scripting vulnerability exists in ICEcoder, which can be exploited by attackers to perform XSS attacks...

CVSS 5.4, AI score 5.3, EPSS 0.00266
Exploits: 1, References: 4

Prion
added 2022/01/14 5:15 a.m., 12 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVSS 4.3, AI score 6.2, EPSS 0.00173
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2022/01/14 5:5 a.m., 63 views

CVE-2022-20636

Multiple cross-site scripting vulnerabilities affect the web-based management interface of Cisco Security Manager (CSM). The issues arise from insufficient input validation, allowing an unauthenticated, remote attacker to lure a user into clicking a crafted link and execute arbitrary script code ...

CVSS 6.1, AI score 6.2, EPSS 0.00173
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/01/14 5:5 a.m., 10 views

CVE-2022-20636 Cisco Security Manager Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVSS 6.1, AI score 6.4, EPSS 0.00173
Exploits: 0, References: 1

Fedora
added 2021/11/24 1:10 a.m., 26 views

[SECURITY] Fedora 34 Update: roundcubemail-1.4.12-1.fc34

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS 9.8, AI score 8, EPSS 0.72527
Exploits: 1

Fedora
added 2021/11/24 1:1 a.m., 34 views

[SECURITY] Fedora 33 Update: roundcubemail-1.4.12-1.fc33

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS 9.8, AI score 8, EPSS 0.72527
Exploits: 1

CNVD
added 2021/11/24 12:0 a.m., 31 views

JetBrains YouTrack Cross-Site Scripting Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows and monitoring project progress. A cross-site scripting vulnerability exists in JetBrains YouTrack, which stems from...

CVSS 3.5, AI score 1.7, EPSS 0.00008
Exploits: 0, Affected Software: 2