13 matches found
CVE-2012-4950
Cross-site scripting XSS vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters that are not properly handled during construction of error messages...
Code injection
The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element...
CVE-2012-4935
Cross-site request forgery CSRF vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users...
CVE-2012-4937
Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsessionid cookie...
Session fixation
Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsessionid cookie...
CVE-2012-4936
The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users...
CVE-2012-4936
The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element...
CVE-2012-4935
Cross-site request forgery CSRF vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users...
CVE-2012-4950
CVE-2012-4950 is a reflected cross-site scripting vulnerability in the Keyword Search page of the Pattern Insight 2.3 web interface. The issue arises because certain characters in error-message construction are not properly escaped, allowing a remote attacker to inject arbitrary script/HTML via a...
CVE-2012-4937
CVE-2012-4937 affects Pattern Insight 2.3. The web interface suffers a session-management weakness (session fixation) where a jsession_id cookie can be used to hijack an authenticated session. Impact, as described, includes potential privilege escalation or authentication bypass for an attacker w...
CVE-2012-4938
CVE-2012-4938 affects Pattern Insight 2.3 web interface. The root cause is that HTML is allowed in the banner message, enabling an authenticated administrator to inject arbitrary web script or HTML, i.e., a cross-site scripting (XSS) condition. The issue is contextual: exploitation requires exist...
CVE-2012-4937
Session fixation vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack web sessions via a jsessionid cookie...