17 matches found
EUVD-2022-43555
Malicious code in bioql PyPI...
EUVD-2022-30439
Malicious code in bioql PyPI...
EUVD-2022-43546
Malicious code in bioql PyPI...
CVE-2022-40248
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field...
CVE-2022-40257
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field...
CVE-2022-40248
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field...
CVE-2022-40257
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field...
Design/Logic Flaw
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field...
Design/Logic Flaw
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field...
CVE-2022-40257
CVE-2022-40257 affects CERT/CC VINCE software prior to v1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML in the Subject field due to insufficient HTML sanitization. The vulnerability enables HTML injection in VINCE’s handling of email subjects, with CVSS v...
CVE-2022-40248 An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field...
CVE-2022-40248
CERT/CC VINCE is affected by an HTML injection vulnerability in versions prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via the Product Affected field in a form, potentially impacting data or UI integrity. The vulnerability has been consistently described across multiple sou...
CVE-2022-40257 An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field...
CVE-2022-25799
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious...
CVE-2022-25799
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious...
Open redirect
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious...
CVE-2022-25799
CERT/CC VINCE is affected by an open redirect vulnerability in versions prior to 1.50.0. An attacker can craft a URL that, when an authenticated user clicks it, redirects the user’s browser to a malicious site impersonating a legitimate one, potentially enabling credential exposure. The issue’s r...