Lucene search

10 matches found

NOZOMI
added 2026/05/19 12:0 a.m. | 6 views

Angular template injection in Reports in Guardian/CMC before 26.1.0

Summary: An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. Impact: An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially...

CVSS 5.1 | AI score 5.8 | EPSS 0.00037
Exploits 0 | Affected Software 2

RedhatCVE
added 2026/01/09 10:12 a.m. | 4 views

CVE-2019-11678

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...

CVSS 9.8 | AI score 7.5 | EPSS 0.12833
Exploits 0 | References 1

NOZOMI
added 2025/12/18 12:0 a.m. | 3 views

Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0

Summary: A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. Impact: An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineer...

CVSS 8.9 | AI score 5.2 | EPSS 0.00032
Exploits 0 | Affected Software 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-11793

Malware in sbrugna...

CVSS 5.4 | AI score 6 | EPSS 0.0029
Exploits 0 | References 3

Snyk
added 2024/09/18 10:5 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the contact tracking and page hits report feature. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts. Details: Cross-site scripting (or XSS) is a code vulnerabili...

CVSS 7.6 | AI score 5.3 | EPSS 0.0045
Exploits 0 | References 2

CNNVD
added 2023/08/09 12:0 a.m. | 0 views

ScienceLogic SL1 Operating System Command Injection Vulnerability

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A command execution vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from the Download and Convert Reports feature...

CVSS 8.8 | AI score 7.7 | EPSS 0.00461
Exploits 0 | References 2

Oracle linux
added 2022/09/08 12:0 a.m. | 48 views

istio security update

istio 1.13.7-1
- Added Oracle specific files for 1.13.7-1
olcne 1.4.7-1
- Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045
1.4.6-2
- Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over
- Update gen-certs-helper script to skip printin...

CVSS 10 | AI score 8.3 | EPSS 0.00778
Exploits 1

ATTACKERKB
added 2022/02/07 11:15 a.m. | 1 views

CVE-2022-23320

XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...

CVSS 7.5 | AI score 7.2 | EPSS 0.00301
Exploits 1 | References 5

NVD
added 2018/08/02 7:29 p.m. | 17 views

CVE-2018-1155

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue...

CVSS 5.4 | AI score 6 | EPSS 0.0029
Exploits 0 | References 2

OSV
added 2018/08/02 7:29 p.m. | 1 views

CVE-2018-1155

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue...

CVSS 5.4 | AI score 5.7 | EPSS 0.0029
Exploits 0 | References 2