229 matches found
Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp
The social network’s new privacy feature is technically flawed, opt-in, and limited in its functionality. All this for just $8 a month...
CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...
Design/Logic Flaw
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...
CVE-2022-47419
CVE-2022-47419 affects Mayan EDMS DMS with a reflected XSS in the in-product tagging system. The CVSS 3.1 base score is 5.4 (MEDIUM) with network attack vector, low attack complexity, require low privileges and user interaction. Exploitation observed per GHSA-5M6V-2XGF-QHRW and OSV details; no au...
CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...
CVE-2022-47413
Technical details about CVE-2022-47413 are not provided in the supplied documents; no affected products or fixes are listed here. Monitor for updates.
CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...
CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...
CVE-2022-47412
Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored persistent, or "Type II" cross-site scripting XSS condition...
CVE-2022-47412
Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored persistent, or "Type II" cross-site scripting XSS condition...
CVE-2022-47412
Technical details about CVE-2022-47412 are not publicly provided in the connected documents. Monitor for updates.
Ascensio System ONLYOFFICE 跨站脚本漏洞
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in Ascensio System ONLYOFFICE Workspace DMS. An attacker could exploit this vulnerability to conduct cross-site scripting attacks...
Design/Logic Flaw
CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...
CVE-2023-22746
CVE-2023-22746 affects CKAN Docker-based deployments where a default, shared secret key is used across multiple instances unless overridden in the container’s .env. The vulnerability allows forging authentication requests between CKAN instances when the default secret key is not customized. Affec...
CVE-2022-4495
A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated...
PYSEC-2022-42989
A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated...
collective.dms.basecontent 跨站脚本漏洞
collective.dms.basecontent is Collective open source a document management system for the basic content class . collective.dms.basecontent version 1.7 suffers from a cross-site scripting vulnerability. Attackers use this vulnerability to execute cross-site scripting attacks...
PT-2022-27349 · Unknown · Collective.Dms.Basecontent
Name of the Vulnerable Software and Affected Versions: collective.dms.basecontent versions up to 1.6 Description: The issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py, leading to cross site scripting. The attack may be initiated remotely...
Siemens Desigo CC and Cerberus DMS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Desigo CC and Cerberus DMS Vulnerability: Use of Client-Side Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to impersonate...
CVE-2022-33139
A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...