7682 matches found
Insecure Deserialization
Redisson is vulnerable to Insecure Deserialization. The vulnerability is due to the client deserializing objects without validation. If an attacker can gain control of the Redis server, they can include crafted objects that lead to arbitrary code execution. Due to an incomplete fix, it's recommended...
SAP Business Objects Web Intelligence Cross-Site Scripting Vulnerability
SAP Business Objects Web Intelligence is a centralized suite from SAP, Germany. It is used for data reporting, visualization, and sharing. A cross-site scripting vulnerability exists in SAP Business Objects Web Intelligence version 420, which stems from the lack of effective filtering and escapin...
The vulnerability of the Microsoft .NET Framework software lies in the improper limitation of XML references to external objects, which allows attackers to access confidential information.
The vulnerability of the Microsoft .NET Framework software platform is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
Apache Tomcat 8.5.85 < 8.5.94 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities: - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...
The vulnerability of SAP BusinessObjects Web Intelligence, a web platform for analytics and reporting, relates to the lack of protective measures for the website structure. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the SAP BusinessObjects Web Intelligence web platform relates to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information by clicking on a specially created malicious...
Cross Site Scripting
concrete5 is vulnerable to Cross Site Scripting XSS. The attacker is able to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...
Cross Site Scripting (XSS)
ConcreteCMS is vulnerable to Cross Site Scripting. The vulnerability is due to injecting a crafted script into the Forms of the Data objects. The attacker can exploit this vulnerability by injecting malicious JavaScript on client side...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Business Objects, SAP HANA, SAP Netweaver and SAP PowerDesigner. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSR...
SAP Business Objects Web Intelligence Cross-Site Scripting Vulnerability
SAP Business Objects Web Intelligence is a centralized suite from SAP, Germany. It is used for data reporting, visualization, and sharing. A cross-site scripting vulnerability exists in SAP Business Objects Web Intelligence version 420, which stems from the lack of effective filtering and escapin...
ConcreteCMS Cross-site Scripting vulnerability
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...
GHSA-6XX7-R8X4-FPJP ConcreteCMS Cross-site Scripting vulnerability
A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...
ConcreteCMS Cross-site Scripting vulnerability
A Cross Site Scripting XSS vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...
GHSA-P4JJ-GWPG-9JWH ConcreteCMS Cross-site Scripting vulnerability
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...
CVE-2023-44761
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS versions 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...
CVE-2023-44761
Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS versions 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...
CVE-2023-44765
A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...
Cross site scripting
A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...
PT-2023-29285 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.13 and below Concrete CMS versions 9.0.0 through 9.2.1 Description: Multiple Cross Site Scripting XSS vulnerabilities in Concrete CMS allow a local attacker to execute arbitrary code via a crafted script to the Forms...
PT-2023-29289 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.12 and below Concrete CMS versions 9.0 through 9.2.1 Description: A Cross Site Scripting XSS vulnerability allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from...
CVE-2023-44765
A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...