19 matches found
CVE-2026-43164
In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the cited commit, udplibinitsock can fail, as can udpinitsock and udpv6initsock. Let's handle the error in...
EUVD-2017-5503
Malware in sbrugna...
EUVD-2016-5850
Malware in sbrugna...
EUVD-2023-26588
Malicious code in bioql PyPI...
Tenda i24和Tenda W12 安全漏洞
The Tenda W12 and i24 is a wireless router made by Tenda. A stack overflow vulnerability exists in the Tenda W12 and i24. The vulnerability stems from improper handling of the rebootDate parameter in the cgiSysScheduleRebootSet function in the /bin/httpd file. An attacker can exploit the...
Cross site scripting
Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-22425
Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-22425
CVE-2023-22425 concerns SHIRASAGI: a stored cross-site scripting (CWE-79) in the Schedule function affects SHIRASAGI v1.16.2 and earlier. The vulnerability allows a remote authenticated attacker to inject arbitrary script, with impact that an arbitrary script may execute in a user’s browser when ...
Multiple cross-site scripting vulnerabilities in SHIRASAGI
Overview SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability on Schedule function CWE-79 - CVE-2023-22425 Stored cross-site scripting vulnerability on Theme switching function CWE-79 - CVE-2023-22427 CVE-2023-22425 Ren...
JVN#18765463: Multiple cross-site scripting vulnerabilities in SHIRASAGI
SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability on Schedule function CWE-79 - CVE-2023-22425 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...
CVE-2017-13988
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function...
Improper access control
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function...
CVE-2017-13988
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function...
CVE-2016-4870
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function...
CVE-2016-4870
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function...
Cross site scripting
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function...
CVE-2016-4870
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function...
CVE-2016-4870
CVE-2016-4870 is a cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0, exploitable via the Schedule function by a remote, authenticated attacker who can inject script or HTML into the victim’s browser. Affected product: Cybozu Office versions 9.0.0–10.4.0. Root cause: improper ha...
"Schedule" function in Cybozu Office vulnerable to cross-site scripting
Overview Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...