
6664 matches found

CVE
added 2024/05/06 6:36 a.m., 112 views

CVE-2024-23188

CVE-2024-23188 affects Open-Xchange App Suite; multiple connected sources describe a vulnerability where maliciously crafted E‑mail attachment names can temporarily execute script code in a user’s browser session, with common user interaction required. The Open-Xchange-related entries indicate af...

CVSS 6.5, AI score 6.7, EPSS 0.00105
Exploits: 0, References: 3

NVD
added 2024/04/24 9:15 p.m., 10 views

CVE-2023-20248

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

CVSS 5.4, AI score 5.3, EPSS 0.00104
Exploits: 0, References: 1

Cvelist
added 2024/04/24 8:47 p.m., 16 views

CVE-2023-20249

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

CVSS 5.4, AI score 5.4, EPSS 0.00104
Exploits: 0, References: 1

NVD
added 2024/04/08 9:15 a.m., 9 views

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to the user's account, access to another account within the same context or a successful social engineering...

CVSS 5.4, AI score 5.5, EPSS 0.00107
Exploits: 0, References: 5

CVE
added 2024/04/08 8:9 a.m., 77 views

CVE-2024-23191

Open-Xchange App Suite (Ox App Suite) is affected. The vulnerability stems from controllable upsell content that can be manipulated to execute script code in a user’s browser session. Exploitation requires temporary access to a user’s account or a successful social engineering lure to a malicious...

CVSS 5.4, AI score 6.8, EPSS 0.001
Exploits: 0, References: 5

Cvelist
added 2024/04/08 8:9 a.m., 14 views

CVE-2024-23190

Upsell shop information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured accounts...

CVSS 5.4, AI score 5.8, EPSS 0.001
Exploits: 0, References: 4

Cvelist
added 2024/04/08 8:9 a.m., 23 views

CVE-2024-23191

Upsell advertisement information of an account can be manipulated to execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to a user's account or a successful social engineering attack to lure users to maliciously configured...

CVSS 5.4, AI score 5.8, EPSS 0.001
Exploits: 0, References: 4

CVE
added 2024/04/08 8:9 a.m., 88 views

CVE-2024-23190

The CVE-2024-23190 issue affects Open-Xchange App Suite (Ox App Suite) where manipulating upsell shop information in an account can lead to script execution in a user’s browser session. The root cause is improper handling of user-defined upsell content; sanitization has been improved in updates. ...

CVSS 5.4, AI score 6.8, EPSS 0.001
Exploits: 0, References: 5

Vulnrichment
added 2024/04/08 8:9 a.m., 14 views

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to the user's account, access to another account within the same context or a successful social engineering...

CVSS 5.4, AI score 7.1, EPSS 0.00107
Exploits: 0, References: 4

Cvelist
added 2024/04/08 8:9 a.m., 15 views

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To exploit this an attacker would require temporary access to the user's account, access to another account within the same context or a successful social engineering...

CVSS 5.4, AI score 5.8, EPSS 0.00107
Exploits: 0, References: 4

CVE
added 2024/04/08 8:9 a.m., 82 views

CVE-2024-23189

CVE-2024-23189 concerns Open-Xchange App Suite. A vulnerability arises from embedded content references in tasks that can temporarily execute script code in a user’s browser session. Exploitation would require user interaction or social engineering to import external content, and could enable mal...

CVSS 5.4, AI score 6.8, EPSS 0.00107
Exploits: 0, References: 5

Tenable Nessus
added 2024/04/05 12:0 a.m., 18 views

Cisco Unified Communications Manager IM & Presence XSS (cisco-sa-cucm-imps-xss-quWkd9yF)

According to its self-reported version, Cisco Unified Communications Manager IM & Presence running on the report host is affected by a cross-site scripting (XSS) vulnerability. The vulnerability exists in the web-based management interface due to improper validation of user-supplied input before...

CVSS 6.1, AI score 6, EPSS 0.00162
Exploits: 0, References: 3

NVD
added 2024/04/03 5:15 p.m., 10 views

CVE-2024-20367

A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker...

CVSS 5.4, AI score 5.3, EPSS 0.0016
Exploits: 0, References: 1

NVD
added 2024/04/03 5:15 p.m., 5 views

CVE-2024-20334

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...

CVSS 5.5, AI score 5.3, EPSS 0.00048
Exploits: 0, References: 1

Vulnrichment
added 2024/04/03 4:24 p.m., 10 views

CVE-2024-20334

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...

CVSS 5.5, AI score 6, EPSS 0.00048
Exploits: 0, References: 1

CVE
added 2024/04/03 4:24 p.m., 61 views

CVE-2024-20334

CVE-2024-20334 affects Cisco TelePresence Management Suite (TMS) web-based management interface. Vulnerability arises from insufficient input validation in the interface, enabling a low-privileged, remote attacker to perform cross-site scripting (XSS). A successful exploit could execute arbitrary...

CVSS 5.5, AI score 6, EPSS 0.00048
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/04/03 4:22 p.m., 13 views

CVE-2024-20367

A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker...

CVSS 5.4, AI score 5.5, EPSS 0.0016
Exploits: 0, References: 1

Cisco
added 2024/04/03 4:0 p.m., 21 views

Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because t...

CVSS 6.1, AI score 6, EPSS 0.00162
Exploits: 0, References: 1

Tenable Nessus
added 2024/03/18 12:0 a.m., 10 views

Cisco IP Phones 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting (CVE-2019-16008)

A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to...

CVSS 5.4, AI score 5.5, EPSS 0.00287
Exploits: 0, References: 2

Prion
added 2024/03/06 5:15 p.m., 39 views

CRLF injection

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVSS 5.8, AI score 8.6, EPSS 0.03569
Exploits: 0, References: 1