8 matches found
CVE-2021-42797
Path traversal vulnerability in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources...
Path traversal
Path traversal vulnerability in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources...
CVE-2021-42797
Path traversal vulnerability in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources...
AVEVA Edge has an information disclosure vulnerability
AVEVA Edge is a highly scalable and flexible HMI/SCADA software from the UK-based Jianwei Software AVEVA. An information disclosure vulnerability exists in AVEVA Edge version 2020 R2, which can be exploited by an attacker to obtain account information for accessing external DB resource...
GHSA-6MXM-WPQV-675H Moodle XSS from profile fields from external db
Multiple cross-site scripting XSS vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field...
Moodle XSS from profile fields from external db
Multiple cross-site scripting XSS vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field...
Cross-site Scripting (XSS)
Moodle is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary web script with an external DB profile field...
CVE-2016-2152
Multiple cross-site scripting XSS vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field...