398 matches found
Matrix Synapse Cross-Site Scripting Vulnerability (CNVD-2021-24348)
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A cross-site scripting vulnerability exists in Matrix Synapse versions prior to 1.27.0, which can be exploited by attackers to access cookies and other browser data...
Cross-site Scripting (XSS)
Synapse is vulnerable to cross-site scripting XSS attacks. An attacker is able to inject and execute malicious script as the library does not escape loading of HTML files from the default Synapse template directory, allowing access to cookies and other browser data and access to other resources...
Apache Synapse 跨站脚本漏洞
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A cross-site scripting vulnerability exists in Matrix Synapse versions prior to 1.27.0, which can be exploited by attackers to access cookies and other browser data...
Triconsole Datepicker Calendar 跨站脚本漏洞
Triconsole Datepicker Calendar is a Triconsole open source application. Provides a calendar component . A cross-site scripting vulnerability exists in Triconsole Datepicker Calendar prior to version 3.77, which stems from calendarform.php not fully validating user input, which allows an attacker ...
Mozilla: Variable time processing of cross-origin images during drawImage calls
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2020-66209)
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. A cross-site scripting vulnerability exists in the API in Cisco Webex Meetings. The vulnerability stems from improper validation of user input provided to the application programming interface API. An attacker could...
Cisco Webex Meetings 跨站脚本漏洞
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. A cross-site scripting vulnerability exists in the API in Cisco Webex Meetings. The vulnerability stems from improper validation of user input provided to the application programming interface API. An attacker could...
CVE-2020-3587
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2020-3551
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management...
CVE-2020-3579
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based management interface does not properl...
Cisco Webex Teams Cross-Site Scripting Vulnerability
Cisco Webex Teams is a comprehensive communications application designed to provide you with all the necessary tools and the right environment to enhance team collaboration. A cross-site scripting vulnerability exists in the web interface of Cisco Webex Teams. The vulnerability stems from imprope...
PT-2020-4626 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user. The...
Cisco Firepower Management Center (FMC) Cross-Site Scripting Vulnerability
Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A security vulnerability exists in Cisco Firepower Management Center FMC that stems from the web-based management interface failing to adequately validate user-supplied input. An attacker...
CVE-2020-3589
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the...
py-matrix-synapse -- XSS vulnerability
Matrix developers reports: The fallback authentication endpoint served via Synapse were vulnerable to cross-site scripting XSS attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities,...
CVE-2020-3523
A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based management interface...
Cisco Data Center Network Manager Cross-Site Scripting Vulnerability (CNVD-2020-48586)
Cisco Data Center Network Manager DCNM is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. A cross-site scripting vulnerability exists in the Web management interface in Cis...
CVE-2019-4366
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748...
CVE-2019-4366
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748...
Information disclosure
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748...