CA API Developer Portal Cross-Site Scripting Vulnerability (CNVD-2018-06877)

CA API Developer Portal is a set of applications for software developers to provide API Application Programming Interface query function of the U.S. CA. apiExplorer is one of the API detector. A cross-site scripting vulnerability exists in apiExplorer in CA API Developer Portal, which stems from...

Pixel / Nexus Security Bulletin—April 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel/Nexus Security Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel and Nexus devices Google devices. For Google devices, security patch levels of 2018-04-05 or later address all issues in this bulletin and all issues in the...

CA API Developer Portal Cross-Site Scripting Vulnerability

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal versions 3.5 through 3.5 CR6, which stems from the program failing to...

Cross site scripting

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable...

CVE-2018-6587

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable...

CVE-2018-6588

CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer...

Cross site scripting

CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer...

Cross site scripting

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing...

CVE-2018-6588

CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer...

CVE-2018-6587

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable...

CVE-2018-6586

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing...

CVE-2018-6588

CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer...

CVE-2018-6587

CA API Developer Portal versions 3.5 up to and including 3.5 CR6 are affected by a reflected cross-site scripting vulnerability in the widgetID variable. The root cause is insufficient filtering of user-submitted HTML code in the widgetID handling, enabling arbitrary script execution. CVSS metric...

CVE-2018-6588

CVE-2018-6588 affects the CA API Developer Portal, specifically versions 3.5 up to and including 3.5 CR5. The vulnerability is a reflected cross-site scripting (XSS) flaw in the apiExplorer component, caused by improper handling of user-supplied HTML code, allowing an attacker to execute arbitrar...

CVE-2018-6586

CA API Developer Portal 3.5 up to and including 3.5 CR6 contains a stored cross-site scripting vulnerability in profile picture handling due to insufficient input filtering. Impact is partial integrity loss via script execution in the context of the user viewing the affected portal. The CVE is co...

CVE-2018-6587

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable...

PT-2018-17651 · Ca · Ca Api Developer Portal

Name of the Vulnerable Software and Affected Versions: CA API Developer Portal versions 3.5 up to and including 3.5 CR6 Description: The issue is related to a reflected cross-site scripting vulnerability. This vulnerability is associated with the widgetID variable. Recommendations: For CA API...

PT-2018-17652 · Ca · Ca Api Developer Portal

Name of the Vulnerable Software and Affected Versions: CA API Developer Portal versions 3.5 up to and including 3.5 CR5 Description: The issue is related to a reflected cross-site scripting vulnerability in the apiExplorer. Recommendations: For CA API Developer Portal versions 3.5 up to and...

PT-2018-17650 · Ca · Ca Api Developer Portal

Name of the Vulnerable Software and Affected Versions: CA API Developer Portal versions 3.5 up to and including 3.5 CR6 Description: The issue is related to a stored cross-site scripting vulnerability in the processing of profile pictures. Recommendations: For CA API Developer Portal versions 3.5...

Joomla内核SQL注入漏洞（CVE-2018-8045)

作者：绿盟科技 来源： CVE-2018-8045 漏洞简介 漏洞具体情况可参见绿盟科技安全威胁周报-201812周 Joomla! Core SQL注入漏洞： NSFOCUS ID：39158 CVE ID：CVE-2018-8045 受影响版本：Joomla! Joomla! 3.5.0-3.8.5 漏洞点评：Joomla是一套网站内容管理系统,使用PHP语言和MySQL数据库开发。Joomla! 3.5.0 -3.8.5版本对SQL语句内的变量缺少类型转换，导致User Notes列表视图内SQL注 入漏洞，可使攻击者访问或修改数据等。目前厂商已经发布了升级补丁，修复了这个...