13 matches found
Hitachi Vantara Pentaho Data Integration and Analytics Security Vulnerability
Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. There is a security vulnerability in Hitachi Vantara Pentaho Data Integration and Analytics, which stems from the JDBC driver of the H2 database,...
Mediawiki - SecurePoll Extension Security Vulnerability
Mediawiki - SecurePoll Extension is an open source plugin for elections, polls and surveys from Mediawiki. A security vulnerability exists in the master version of Mediawiki - SecurePoll Extension, which stems from improper input neutralization during page generation and could lead to a stored...
PostgreSQL -- vulnerabilities
PostgreSQL project reports: Tighten security checks in planner estimation functions. Prevent pg_dump scripts from being used to attack the user running the restore. Convert newlines to spaces in names included in comments in pg_dump output...
PT-2024-35823 · WordPress · Wp Auto Top
Name of the Vulnerable Software and Affected Versions: wp auto top versions prior to 2.9.3 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
Esri Portal For ArcGIS Cross-Site Scripting Vulnerability
Esri Portal For ArcGIS is a component of Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS that stems from vulnerability to cross-site scripting attac...
PT-2023-25052 · WordPress · Wp Shopping Pages
Name of the Vulnerable Software and Affected Versions: WP Shopping Pages WordPress plugin versions 1.14 and earlier Description: The issue is related to the lack of CSRF checks in some areas of the plugin, as well as missing sanitization and escaping. This could allow attackers to make logged-in...
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...
Cross site scripting
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
HPE Network Node Manager i (NNMi) Remote Code Execution Vulnerability
HPE Network Node Manager i (NNMi) is a suite of network management software from Hewlett Packard Enterprise (HPE). The software unifies the management of network failures, availability, and performance in a single centralized console, and helps users extend network uptime, improve performance, and...
IBM TRIRIGA Application Platform Cross-Site Request Forgery Vulnerability (CNVD-2016-03775)
The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...
Vulnerability in PostCalendar
Overview: PostCalendar is an add-on for the popular PostNuke content management system. It provides a calendar that lets users add events to. Problem: A user can add an event with unchecked HTML tags in. This includes the script tag which allows an attacker to steal cookies, redire...
Security Bulletin MS01-022
Title: WebDAV Service Provider Can Allow Scripts to Levy Requests as User Date: 18 April 2001 Software: Microsoft Data Access Component Internet Publishing Provider Impact: Web-based script could levy WebDAV requests on the...
Security Update For Exchange Server 2016 CU12 (KB4503027)
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive...