PT-2023-15509 · Jedox · Jedox
Name of the Vulnerable Software and Affected Versions: Jedox version 2020.2.5 Description: A Stored cross-site scripting issue allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module log. This enables attackers to execute malicious scripts on...
Shopware's log module vulnerable to Improper Output Neutralization
Impact: The log module contains all kinds of sent mails. It is possible to see the password reset email of customers and admin users and probably gain more access. Patches: Update to the latest 6.4.18.1 version. Workarounds: For older versions of 6.1, 6.2, and 6.3, corresponding security measures ar...
GHSA-7CP7-JFP6-JH4F Shopware's log module vulnerable to Improper Output Neutralization
Impact: The log module contains all kinds of sent mails. It is possible to see the password reset email of customers and admin users and probably gain more access. Patches: Update to the latest 6.4.18.1 version. Workarounds: For older versions of 6.1, 6.2, and 6.3, corresponding security measures ar...
CVE-2023-22733
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kinds of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users' accounts. This issu...
Code injection
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kinds of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users' accounts. This issu...
CVE-2023-22733
CVE-2023-22733 affects Shopware’s log module in affected Shopware versions (notably 6.1, 6.2, 6.3, and up to 6.4.18.1). The vulnerability is an information disclosure risk where the log output may contain sensitive data, including password reset emails, if an attacker can access local system logs...
CVE-2023-22733 Improper Output Neutralization in Log Module in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kinds of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users' accounts. This issu...
PT-2023-18675 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.18.1 Description: The log module in Shopware writes out all kinds of sent mails, potentially allowing an attacker with access to local system logs or a centralized logging store to access other users' accounts...
Cross-site Scripting (XSS)
tribalsystems/zenario is vulnerable to cross-site scripting attacks. The vulnerability exists due to a lack of sanitization in the admin_organizer.js of the component error log module, allowing an attacker to inject and execute malicious JavaScript into the system...
GHSA-F92P-F8R2-C87Q Tribal Systems Zenario CMS vulnerable to Cross-site Scripting
A vulnerability has been found in Tribal Systems Zenario CMS prior to version 8.5.51340. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The...
Tribal Systems Zenario CMS vulnerable to Cross-site Scripting
A vulnerability has been found in Tribal Systems Zenario CMS prior to version 8.5.51340. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The...
CVE-2020-36608
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched...
CVE-2020-36608 Tribal Systems Zenario CMS Error Log Module admin_organizer.js cross site scripting
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched...
PT-2022-9010 · Tribal Systems · Zenario Cms
Name of the Vulnerable Software and Affected Versions: Tribal Systems Zenario CMS versions prior to 8.5.51340 Description: A vulnerability has been found in the Error Log Module of the Tribal Systems Zenario CMS, specifically in the file admin_organizer.js. This issue leads to cross-site scriptin...
Zenario CMS cross-site scripting vulnerability
Zenario CMS is a Zenario open source application. Provides a Web-based content management system. A security vulnerability exists in Zenario CMS that stems from some unknown functionality in admin_organizer.js of the Error Log module, which can lead to cross-site scripting...
PT-2022-15300 · Huawei · Hwlog
Name of the Vulnerable Software and Affected Versions: Huawei HWLog affected versions not specified Description: The DFX module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect system stability. Recommendations: At the moment, there is no informatio...
CVE-2020-24038
myFax version 229 logs sensitive information in the export log module which allows any user to access critical information...
Information disclosure
myFax version 229 logs sensitive information in the export log module which allows any user to access critical information...