35 matches found
EUVD-2024-16872
Malicious code in bioql PyPI...
CVE-2024-1097
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...
CVE-2024-1097
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...
CVE-2024-1097
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...
CVE-2024-1097 Stored XSS in craigk5n/webcalendar
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...
CVE-2024-1097 Stored XSS in craigk5n/webcalendar
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...
CVE-2024-1097
CVE-2024-1097: A stored XSS in craigk5n/webcalendar 1.3.0 occurs in the Report Name input during report creation. Malicious scripts can run in other users’ context, potentially enabling theft of user accounts and cookies. Public details about a fix are not provided in the connected sources; no pa...
PT-2024-16673 · Craigk5N · Webcalendar
Name of the Vulnerable Software and Affected Versions: craigk5n/webcalendar version 1.3.0. Description: A stored cross-site scripting (XSS) issue exists in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of...
Malicious code in report_name (npm)
CVE-2023-24015
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on...
Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2
Summary: A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. Impact: The reports section will be partially unavailable for all later attempts to use it, with the report list...
Acronis Cyber Protect Injection Vulnerability
Acronis Cyber Protect is an application that provides unified protection for your network by integrating backup, disaster recovery, artificial intelligence-based malware protection, remote assistance and security into a single, reliable tool. Acronis Cyber Protect 15 Linux, Windows suffers from a...
CVE-2022-30991
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 Linux, Windows before build 29240...
CVE-2022-30991
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 Linux, Windows before build 29240...
CVE-2022-30991
CVE-2022-30991 affects Acronis Cyber Protect 15 (Linux and Windows) before build 29240. The issue is HTML injection via the report name. Connected sources confirm the affected product/version and the vulnerability class; remediation guidance is to update to a version after build 29240. Exploitati...
CVE-2022-30991 HTML injection via report name
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 Linux, Windows before build 29240...
PT-2022-20439 · Acronis · Acronis Cyber Protect 15 +1
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 15 versions before build 29240. Description: The issue is related to HTML injection via report name. Recommendations: For Acronis Cyber Protect 15 versions before build 29240, update to a version after build 29240 to...
TIETEN Acronis Cyber Protect Cross-Site Scripting Vulnerability
Acronis Cyber Protect is an application that provides unified protection for your network by integrating backup, disaster recovery, artificial intelligence-based malware protection, remote assistance and security into a single, reliable tool. Acronis Cyber Protect 15 Linux, Windows suffers from a...
CVE-2022-30991
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 Linux, Windows before build 29240...
Hitachi Vantara Pentaho Cross-Site Scripting Vulnerability
Pentaho is a Business Intelligence (BI) software that provides data integration, OLAP services, reporting, information dashboards, data mining, and Extract, Transform, Load (ETL) capabilities. A stored cross-site scripting vulnerability exists in the Display Name parameter of the Analysis Report in...