4048 matches found

CNNVD
added 2024/09/10 12:00 a.m. · 2 views

Microsoft Dynamics 365 Cross-Site Scripting Vulnerability

Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A cross-site scripting vulnerability exists in Microsoft Dynamics 365 on-premises...

CVSS 7.6 · AI score 6.2 · EPSS 0.0084
Exploits: 0 · References: 2

IBM Security Bulletins
added 2024/09/02 8:14 a.m. · 27 views

Security Bulletin: IBM Jazz Reporting Services is vulnerable to cross-site scripting (CVE-2020-4051)

Summary: Cross-site scripting has been identified in the dojo library shipped with IBM Jazz Reporting Services (JRS). JRS has addressed the issues by releasing a fix. Vulnerability Details: CVEID: CVE-2020-4051. DESCRIPTION: Dijit is vulnerable to cross-site scripting, caused by improper validation of...

CVSS 5.4 · AI score 6.7 · EPSS 0.01183
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2024/09/02 12:00 a.m. · 4 views

PT-2024-6139 · Zyxel · Wax655E +4

Name of the Vulnerable Software and Affected Versions: Zyxel NWA1123ACv3 versions 6.70ABVT.4 and earlier; Zyxel WAC500 versions 6.70ABVS.4 and earlier; Zyxel WAX655E versions 7.00ACDO.1 and earlier; Zyxel WBE530 versions 7.00ACLE.1 and earlier; Zyxel USG LITE 60AX version V2.00ACIP.2. Description: The...

CVSS 10 · AI score 8.3 · EPSS 0.11269
Exploits: 0 · References: 57

CNNVD
added 2024/08/13 12:00 a.m. · 5 views

Microsoft Dynamics 365 Security Vulnerability

Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A cross-site scripting vulnerability exists in Microsoft Dynamics 365 on-premises,...

CVSS 8.2 · AI score 6.2 · EPSS 0.00941
Exploits: 0 · References: 2

IBM Security Bulletins
added 2024/08/01 6:47 p.m. · 46 views

Security Bulletin: Vulnerabilities in Golang Go affect Cloud Pak System [CVE-2023-39319, CVE-2023-39318]

Summary: Vulnerabilities in Golang Go affect Cloud Pak System Software. Vulnerability Details: CVEID: CVE-2023-39319. DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the html/template package. A remote attacker could exploit this...

CVSS 6.1 · AI score 7 · EPSS 0.00808
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/06/28 3:29 p.m. · 20 views

Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-34064

Summary: There is a vulnerability in Jinja that could allow an attacker to steal the victim's cookie-based authentication credentials. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerabili...

CVSS 5.4 · AI score 6 · EPSS 0.00979
Exploits: 0 · Affected Software: 1

Cvelist
added 2024/06/25 9:28 p.m. · 12 views

CVE-2024-30112 HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...

CVSS 5.4 · EPSS 0.00256
Exploits: 0 · References: 1

CNNVD
added 2024/06/13 12:00 a.m. · 5 views

Adobe Experience Manager Security Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.1 · EPSS 0.00442
Exploits: 0 · References: 2

CNNVD
added 2024/06/13 12:00 a.m. · 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.1 · EPSS 0.00676
Exploits: 0 · References: 2

CNNVD
added 2024/06/13 12:00 a.m. · 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.1 · EPSS 0.00717
Exploits: 0 · References: 2

CNNVD
added 2024/05/08 12:00 a.m. · 4 views

F5 BIG-IP Security Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the F5 BIG-IP configuration utility, which can be exploited by an attacker to...

CVSS 4.7 · AI score 6.3 · EPSS 0.00272
Exploits: 0 · References: 2

CVE
added 2024/04/30 12:00 a.m. · 195 views

CVE-2024-26331

ReCrystallize Server 5.10.0.0 is vulnerable to authentication bypass via cookie manipulation. The Nuclei template and Red Hat/NVD entries describe an issue where the cookie value (e.g., AdminUsername) is not bound to a session ID, allowing an attacker to bypass authentication by modifying the coo...

CVSS 7.5 · AI score 7.2 · EPSS 0.49322
Exploits: 0 · References: 2

CNNVD
added 2024/04/18 12:00 a.m. · 2 views

DerbyNet Security Vulnerability

DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet back parameter, which is caused by improper validation of user-supplied input in the playlist.php script. An attacker could use this vulnerability to steal the victim's...

CVSS 8 · AI score 6.4 · EPSS 0.00981
Exploits: 2 · References: 2

Positive Technologies
added 2024/04/08 12:00 a.m. · 4 views

PT-2024-21355 · Unknown · Recrystallize Server

Name of the Vulnerable Software and Affected Versions: ReCrystallize Server version 5.10.0.0 Description: The issue concerns an authorization mechanism that relies on the value of a cookie but does not bind this value to a session ID. This allows attackers to easily modify the cookie value within...

CVSS 7.5 · AI score 7.3 · EPSS 0.49322
Exploits: 0 · References: 8

GithubExploit
added 2024/03/23 12:31 a.m. · 449 views

Exploit for SQL Injection in Nagios Nagios_Xi

CVE-2023-48084 Fixes broken syntax in the POC, primarily incor...

CVSS 9.8 · AI score 9.6 · EPSS 0.3374
Exploits: 2

CNNVD
added 2024/03/18 12:00 a.m. · 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.1 · EPSS 0.00427
Exploits: 0 · References: 2

CNVD
added 2024/03/15 12:00 a.m. · 4 views

RiteCMS Cross-Site Scripting Vulnerability (CNVD-2025-21552)

RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the component mainmenu/editsection, which can be exploited by an attacker to...

CVSS 6.1 · AI score 6.4 · EPSS 0.01317
Exploits: 4 · References: 1

CNVD
added 2024/03/01 12:00 a.m. · 24 views

Mozilla Firefox for iOS Cross-Site Scripting Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Firefox for iOS, which can be exploited by an attacker to execute JavaScript from an open bookmarked page to obtain the victim's cookie-based...

CVSS 7.1 · AI score 6.4 · EPSS 0.00336
Exploits: 0 · References: 1

CNNVD
added 2024/03/01 12:00 a.m. · 3 views

Apache Ambari Input Validation Error Vulnerability

Apache Ambari is an application from the Apache USA Foundation. It provides software to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. Apache Ambari suffers from a cross-site scripting vulnerability that can be exploited by an attacker to obtain a...

CVSS 6.1 · AI score 6.4 · EPSS 0.01212
Exploits: 0 · References: 3

CNNVD
added 2024/02/21 12:00 a.m. · 3 views

PMB SQL Injection Vulnerability

PMB is a 100% free document management reference tool from the PMB Services team. A SQL injection vulnerability exists in PMB 7.4.7 and prior versions, which originates from a vulnerability that could allow an unauthenticated, remote attacker to inject arbitrary SQL commands via the PmbOpac-LOGIN...

CVSS 9.8 · AI score 8.2 · EPSS 0.00821
Exploits: 1 · References: 2