CVE-2024-30112

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...

CVE-2024-30112

CVE-2024-30112 concerns HCL Connections and describes a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary script code in a user’s browser, which could enable theft of cookie-based authentication credentials and compromise of the user’s account, potentiall...

CVE-2024-20405

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are...

CVE-2024-20405

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are...

CVE-2024-20405

CVE-2024-20405 affects Cisco Finesse, specifically the web-based management interface. The flaw arises from insufficient input validation for HTTP requests, enabling an unauthenticated, remote attacker to perform a stored XSS by exploiting a remote file inclusion (RFI) vulnerability. A crafted li...

Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker...

CVE-2023-5597

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code...

CVE-2023-5597 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code...

CVE-2023-5597

CVE-2023-5597 is a stored cross-site scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer, constrained to 3DEXPERIENCE releases R2023x through R2024x. The issue arises in the 3DDashboard component, enabling arbitrary script execution when exploited. Public technical details in the conn...

SAP NetWeaver AS ABAP XSS (May 2024) (3448445)

The remote SAP NetWeaver ABAP server may be affected by a cross-site scripting XSS vulnerability. A cross-site scripting XSS vulnerability exists due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a use...

CVE-2024-20392

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to t...

CVE-2024-20257

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.r This vulnerability is due to insufficient validation of user input. An attacker...

CVE-2024-20257

Cisco AsyncOS Web-based management interface in Cisco Secure Email Gateway is affected by an XSS vulnerability due to insufficient input validation. An authenticated remote attacker could entice a user to click a crafted link, leading to arbitrary script execution within the interface or exposure...

CVE-2024-20256

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVE-2024-20256

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVE-2024-20258

Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway has a web-based management interface vulnerability that enables cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker could lure a user to click a crafted link, al...

CVE-2024-20258

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVE-2024-20392

CVE-2024-20392 describes a vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway. The flaw arises from insufficient input validation of parameters passed to the API, enabling an unauthenticated, remote attacker to perform an HTTP response splitting...

CVE-2024-23188

Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...

CVE-2024-23188

Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...