202 matches found
CVE-2021-37212
The bulletin function of Flygo contains Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific Url parameters and access and modify bulletin particular content...
Check MK < 1.6.0p25, 2.0.x < 2.0.0p4 XSS Vulnerability
Check MK is prone to a cross-site scripting XSS vulnerability in the management web console. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...
CVE-2021-36563
The CheckMK management web console versions 1.5.0 to 2.0.0 does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other client-side scripts, the XSS...
CVE-2020-35759
bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content Locally/Remotely...
IBM Monitoring File Tampering Vulnerability
IBM Monitoring is an application service from IBM USA. It provides a cloud monitoring feature. IBM Monitoring suffers from a file tampering vulnerability that allows an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI. No detailed vulnerability...
CVE-2021-1127 Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to improper input...
CVE-2019-11786
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...
CVE-2019-11786
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...
CVE-2019-11786
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...
CVE-2019-11786
CVE-2019-11786 affects Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, where improper access control allows remote authenticated users to modify translated terms, potentially causing arbitrary content changes on translatable elements. The issue is confirmed across multiple s...
CVE-2019-11786
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...
CVE-2019-19284
A vulnerability has been identified in XHQ All Versions 6.1. The web interface could allow Cross-Site Scripting XSS attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users...
CVE-2019-19286
A vulnerability has been identified in XHQ All Versions 6.1. The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages...
Coremail XT <= 5.0 XSS Vulnerability
Coremail XT is prone to a cross-site scripting XSS vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2020-26584
An issue was discovered in Sage DPW 202006x before 202006002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user's browser. The vulnerability can ...
CVE-2020-6368
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to...
USN-4536-1 spip vulnerabilities
Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting XSS attacks. CVE-2019-16392 Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could...
PT-2020-4023 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A cross-site-scripting XSS issue exists due to improper sanitization of specially crafted web requests. An attacker could exploit this by sending a crafted request,...
Unspecified Vulnerability in NETSAS Enigma NMS (CNVD-2020-18992)
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in NETSAS Enigma NMS server 65.0.0 and earlier versions. The vulnerability can be exploited by an attacker to gain access to the system, read sensitive data and create,...
CVE-2019-16061
A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...