58 matches found
EMC Data Protection Advisor < 19.7 Build B4 XSS (DSA-2022-107)
According to its self-reported version, the application is below version 19.7 Build B4. It is, therefore, affected by a stored cross-site scripting vulnerability. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context ...
CVE-2022-33935
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data stor...
CVE-2022-33935
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data stor...
CVE-2022-33935
Summary: CVE-2022-33935 affects Dell EMC Data Protection Advisor versions 19.6 and earlier and is a stored cross-site scripting (XSS) vulnerability in the web data store component. An attacker could cause the browser to execute malicious HTML/JavaScript in the context of the vulnerable web applic...
CVE-2022-33929
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the...
CVE-2022-33929
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the...
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
Design/Logic Flaw
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
CVE-2022-26866
Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user...
CVE-2022-29091
Summary: CVE-2022-29091 affects Dell Unity, Dell UnityVSA, and Dell UnityXT versions before 5.2.0.0.5.173. A Reflected Cross-Site Scripting vulnerability exists in the Unisphere GUI, enabling an unauthenticated remote attacker to trigger execution of malicious HTML/JavaScript in the victim’s brow...
Adobe Acrobat and Reader Client Side Request Injection (APSB18-09: CVE-2018-4995)
A Security Bypass vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
SmarterStats 11.3.6347 Cross Site Scripting
---------------------------- Title: CVE-2017-14620 ---------------------------- TL;DR: SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries ---------------------------- Author: David Hoyt Date:...
SmarterStats 11.3.6347 - Cross-Site Scripting
SmarterStats 11.3.6347 - Cross-Site Scripting ---------------------------- Title: CVE-2017-14620 ---------------------------- TL;DR: SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries...
Squid Denial of Service Vulnerability (CNVD-2016-03063)
Squid full name Squid Cache is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A denial-of-service vulnerability exists in the clientsiderequest.cc file in Squid versions 3.x...
Design/Logic Flaw
clientsiderequest.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service crash via crafted Edge Side Includes ESI responses...
UBUNTU-CVE-2016-4555
clientsiderequest.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service crash via crafted Edge Side Includes ESI responses...
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities
Document Title: =============== Remote Desktop v0.9.4 Android - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1413 Release Date: ============= 2015-01-20 Vulnerability Laboratory ID VL-ID: ====================================...
PayPal Fixes Trio of Remote-Access Vulnerabilities
PayPal has repaired three remote-access vulnerabilities found in different areas of its website, including a cross-site scripting XSS flaw on its PayPal Community Forum. All three flaws were submitted to PayPal’s Bug Bounty Program. Researcher Benjamin Kunz Mejri of Vulnerability-Lab reported the...