7614 matches found
CVE-2022-36277
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks...
Design/Logic Flaw
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks...
CVE-2022-36277 SQL injection vulnerability in TCMAN GIM
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks...
jetty: Improper validation of HTTP/1 content-length
A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in an HTTP/1 header field, which is non-standard and more permissive than the RFC. This issue could allow an attacker to perform request smuggling in conjunction with a server that does not close connections after 400...
PT-2023-13469 · Tcman Gim · Tcman Gim
Name of the Vulnerable Software and Affected Versions: TCMAN GIM version 8.0.1 Description: The issue concerns the sReferencia, sDescripcion, txtCodigo, and txtDescripcion parameters in the "frmGestionStock.aspx" and "frmEditServicio.aspx" files, which could allow an attacker to perform persisten...
CVE-2023-32670
Cross-Site Scripting vulnerability in BuddyBoss version 2.2.9, which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, allowing the attacker to assign a persistent JavaScript payload that would be triggered when the associated image is...
Malicious code in apidemo-app (npm)
Source: ghsa-malware f75d9b21d9cdb2946b01c0b9e4be982b14730680d4e167d11ad1402cf1c95ff8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba...
Malicious code in @zettle-bo/dashboard (npm)
Source: ghsa-malware 510b4f65adcadc6cf06f1caf2a6a9f71e0b88b31e88b96d18de7dc241fdb9c70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update
OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2023-4093
Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access...
Cross site scripting
Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access...
Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its...
Malicious code in @spgy/eslint-plugin-spgy-fe (npm)
Source: ghsa-malware 0f153ed03ad775543b9a2c5ba45f744fdb6dc3bdd3de7734a273488881a1353a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fca-bucu (npm)
Source: ghsa-malware 2908145aa0c6daa50e572b3120bf06a85fcc270fc0cdf0733af4bf1e624bf0da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fce-vanthinh (npm)
Source: ghsa-malware 4c3a287005f67e6918d008e51a2146300d174fca3a97b210b9c29e20d3319bff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in test-archive (npm)
Source: ghsa-malware e1f4a4a3a36da800a3c6e33fb47a4a42edf9ec19c39db7d5ea4e52a8fb378d12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
STORED XSS in Journal-> Sections
Description Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...