123 matches found
CVE-2020-35284
Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...
CVE-2020-6200
The SAP Commerce SmartEdit Extension, versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting XSS that exploits the templating facilities of the angular framework...
CVE-2003-0745
SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server...
www/varnish7 -- Request Smuggling Attack
The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...
PT-2025-18332 · Hcl · Hcl Domino Volt
Name of the Vulnerable Software and Affected Versions: HCL Domino Volt affected versions not specified Description: The issue is related to improper sanitization of SVG files, which allows client-side script injection in deployed applications. This can potentially lead to malicious script executi...
CVE-2022-44759
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications...
CVE-2024-30147
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications...
CVE-2024-45712
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting XSS vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...
CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting XSS vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...
CVE-2024-45712
CVE-2024-45712 affects SolarWinds Serv-U. The vulnerability is a client-side cross-site scripting (XSS) issue that can be exploited only by an authenticated user from the local browser session. The documented risk is described as very low. Affected guidance indicates versions prior to 15.5.1 are ...
SolarWinds Serv-U 15.0 < 15.5.1 XSS
The version of SolarWinds Serv-U installed on the remote host is prior to 15.5.1. It is, therefore, affected by a vulnerability as referenced in the solarwindsserv-u1551 advisory. - SolarWinds Serv-U is vulnerable to a client-side cross-site scripting XSS vulnerability. The vulnerability can only...
CVE-2024-49705
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise DoS attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...
CVE-2025-24517
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini IB-MCT001 all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication...
CVE-2025-2499
Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This...
CVE-2025-2499
CVE-2025-2499 affects Devolutions Remote Desktop Manager for Windows. The issue is a client-side access control bypass in the permission component, allowing an authenticated user to bypass specific restrictions (View Password, Edit Asset, Edit Permissions) by performing certain actions. Affected ...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
Mageia: Security Advisory (MGASA-2024-0395)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the client-side and server-side implementations of the SSHv2 asyncssh protocol in Python programming language allows attackers to carry out “man-in-the-middle” type attacks.
The vulnerability of the client-side and server-side implementations of the SSHv2 asyncssh protocol in Python lies in the ability to bypass authentication using a user-controlled key. Exploiting this vulnerability allows an attacker to perform “man-in-the-middle” attacks remotely...
www/varnish7 -- client-side desync vulnerability
The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests...