EUVD-2020-28149

Malware in sbrugna...

K23312037: Intel CPU vulnerability CVE-2018-3679

Security Advisory Description Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges. CVE-2018-3679 Impact There is no impact; F5 products are not affect...

CVE-2020-7011

A flaw was found in elasticsearch. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim's web browser...

Elastic App Search Cross-Site Scripting Vulnerability

Elastic App Search is a powerful set of APIs and developer tools from Elastic designed for developers to build rich, user-oriented search applications. Elastic App Search versions prior to 7.7.0 have a cross-site scripting vulnerability in the Reference UI that displays document URLs. If the...

CVE-2020-7011

Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...

CVE-2020-7011

Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...

Elastic: Stored XSS in Elastic App Search

Summary: There exists a stored XSS via referenceui in "URL" Parameter in the latest Elastic App Search v7.6.2 Tested both on cloud and local instance Description: Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message...