21 matches found
CVE-2021-27950
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA...
CVE-2021-28901
Multiple cross-site scripting XSS vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the 1 NOMCLI , 2 ADRESSE , 3 ADRESSE2, 4 LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the 5 nomlis...
EUVD-2021-15554
Malware in sbrugna...
EUVD-2021-14668
Malware in sbrugna...
Malicious code in sita-tea (npm)
The package sita-tea was found to contain malicious code...
MAL-2025-33329 Malicious code in sita-tea (npm)
The package sita-tea was found to contain malicious code...
CVE-2021-28901
Multiple cross-site scripting XSS vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the 1 NOMCLI , 2 ADRESSE , 3 ADRESSE2, 4 LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the 5 nomlis...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the 1 NOMCLI , 2 ADRESSE , 3 ADRESSE2, 4 LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the 5 nomlis...
CVE-2021-28901
Multiple cross-site scripting XSS vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the 1 NOMCLI , 2 ADRESSE , 3 ADRESSE2, 4 LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the 5 nomlis...
CVE-2021-28901
SITA Software Azur CMS (variant: 1.2.3.1 and earlier) exposes multiple cross-site scripting (XSS) vulnerabilities. The issue stems from insufficient validation/filtering of input parameters, allowing remote attackers to inject arbitrary script/HTML via: NOM_CLI, ADRESSE, ADRESSE2, LOCALITE to /es...
SITA Software Azur CMS 跨站脚本漏洞
SITA Software Azur CMS is a web CMS. A cross-site scripting vulnerability exists in SITA Software Azur CMS 1.2.3.1 and prior versions, which stems from the software's lack of effective validation and filtering of parameters. This allows a remote attacker to pass 1 NOMCLI, 2 ADRESSE, 3 ADRESSE2, 4...
Sita AzurCMS SQL Injection Vulnerability
Sita AzurCMS is a telecommuting solution from Sita Luxembourg. for telecommuting, clustered storage and virtualization. Sita AzurCMS suffers from a SQL injection vulnerability that originates from a SQL injection vulnerability in azurWebEngine in Sita AzurCMS in 1.2.3.12. An attacker can exploit...
CVE-2021-27950
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA...
Sql injection
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA...
CVE-2021-27950
CVE-2021-27950 affects Sita AzurCMS (AzurWebEngine/eShop)
CVE-2021-27950
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA...
Sita AzurCMS SQL注入漏洞
Sita AzurCMS is a telecommuting solution from Sita Luxembourg. for telecommuting, clustered storage and virtualization. Sita AzurCMS suffers from a SQL injection vulnerability that originates from a SQL injection vulnerability in azurWebEngine in Sita AzurCMS in 1.2.3.12. An attacker can exploit...
Chinese Hackers Believed to be Behind Second Cyberattack on Air India
Even as a massive data breach affecting Air India came to light the previous month, India's flag carrier airline appears to have suffered a separate cyber assault that lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate...
Monumental Supply-Chain Attack on Airlines Traced to State Actor
A monster cyberattack on SITA, a global IT provider for 90 percent of the world’s airline industry, is slowly unfurling to reveal the largest supply-chain attack on the airline industry in history. The enormous data breach, estimated to have already impacted 4.5 million passengers, has potentiall...
Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers
India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System PSS provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered...