CVE-2022-20634
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An...
CVE-2022-20631
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2022-20633 Cisco Enterprise Chat and Email Username Enumeration Vulnerability
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back from the application as...
CVE-2022-20632 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2022-20631 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2022-20634 Cisco Enterprise Chat and Email Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An...
CVE-2024-7785
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS). This issue affects Electronic Ticket System: before 2024.08...
CVE-2024-7785 Reflected XSS in Ece Software's Electronic Ticket System
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS). This issue affects Electronic Ticket System: before 2024.08...
Ece Electronic Ticket System Cross-Site Scripting Vulnerability
Ece Electronic Ticket System is an electronic ticket system from Ece Corporation. A cross-site scripting vulnerability exists in the Ece Electronic Ticket System that stems from improper input neutralization during web page generation...
CVE-2024-20367
A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker...
CVE-2024-20367
Cisco Enterprise Chat and Email (ECE) web UI vulnerability (CVE-2024-20367) enables authenticated, remote XSS due to improper input validation. An attacker must coerce a user to click a crafted link, potentially executing arbitrary script in the UI or accessing browser data. Impact is limited to ...
Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker...
ece-cadus.de Improper Access Control vulnerability OBB-3766178
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Elastic Cloud Enterprise (ECE) 2.13.3, 3.3.0 Security Update
ECE Denial of Service (DoS) issue (ESA-2023-09). A denial of service vulnerability was discovered in ECE that could lead to the ECE Admin API server becoming unavailable if a maliciously crafted JWT is supplied. This is due to the use of a transitive dependency json-smart which parses nested arrays in...