
22 matches found

Openbugbounty
added 2023/06/16 6:24 p.m., 6 views

syracuse-theater.com Cross Site Scripting vulnerability OBB-3437225

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.1
Exploits: 0

HackRead
added 2023/05/17 8:17 p.m., 17 views

Is it Getting Harder to Pigeonhole Games into Specific Genres?

By Owais Sultan. Back in 2015, a study from Syracuse University analysed how grouping video games into genres can be limited.… This is a post from HackRead.com. Read the original post: Is it Getting Harder to Pigeonhole Games into Specific Genres?...

AI score: 6.9
Exploits: 0

OSV
added 2021/07/22 7:15 p.m., 0 views

CVE-2020-7387

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

CVSS: 5.3, AI score: 6.7, EPSS: 0.55955
Exploits: 6, References: 3

NVD
added 2021/07/22 7:15 p.m., 23 views

CVE-2020-7387

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

CVSS: 5.3, EPSS: 0.55955
Exploits: 6, References: 3

NVD
added 2021/07/22 7:15 p.m., 22 views

CVE-2020-7388

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

CVSS: 10, EPSS: 0.68801
Exploits: 6, References: 3

OSV
added 2021/07/22 7:15 p.m., 0 views

CVE-2020-7390

Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings to the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 components shipped with Syracuse...

CVSS: 5.4, AI score: 5.8, EPSS: 0.55955
Exploits: 6, References: 3

NVD
added 2021/07/22 7:15 p.m., 17 views

CVE-2020-7390

Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings to the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 components shipped with Syracuse...

CVSS: 5.4, EPSS: 0.00328
Exploits: 6, References: 3

Prion
added 2021/07/22 7:15 p.m., 22 views

Design/Logic Flaw

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

CVSS: 5, AI score: 6.9, EPSS: 0.68801
Exploits: 7, References: 3, Affected Software: 1

Prion
added 2021/07/22 7:15 p.m., 26 views

Design/Logic Flaw

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

CVSS: 7.5, AI score: 6.7, EPSS: 0.68801
Exploits: 7, References: 3, Affected Software: 1

Prion
added 2021/07/22 7:15 p.m., 19 views

Cross site scripting

Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings to the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 components shipped with Syracuse...

CVSS: 3.5, AI score: 5.2, EPSS: 0.55955
Exploits: 7, References: 3, Affected Software: 1

Cvelist
added 2021/07/22 6:27 p.m., 22 views

CVE-2020-7389 Sage X3 Syracuse Missing Authentication for Critical Function in Developer Environment

Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production...

CVSS: 5.5, AI score: 7.1, EPSS: 0.07132
Exploits: 6, References: 1

Cvelist
added 2021/07/22 6:27 p.m., 22 views

CVE-2020-7388 Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

CVSS: 10, AI score: 6, EPSS: 0.68801
Exploits: 6, References: 2

Cvelist
added 2021/07/22 6:27 p.m., 26 views

CVE-2020-7387 Sage X3 AdxAdmin Exposure of Sensitive Information to an Unauthorized Actor

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

CVSS: 5.3, AI score: 6, EPSS: 0.55955
Exploits: 6, References: 2

Openbugbounty
added 2020/06/27 4:39 p.m., 9 views

calendar.syracuse.edu Cross Site Scripting vulnerability OBB-1208424

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 6.2
Exploits: 0

Openbugbounty
added 2018/04/21 9:13 p.m., 10 views

enrollinsyracusecityschools.com XSS vulnerability

Open Bug Bounty ID: OBB-606123

Description | Value
---|---
Affected Website: | enrollinsyracusecityschools.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2018/01/31 7:41 p.m., 11 views

shopping.syracuse.com XSS vulnerability

Open Bug Bounty ID: OBB-550521

Description | Value
---|---
Affected Website: | shopping.syracuse.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Powered by OwnLocal
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score: 6
Exploits: 0

Openbugbounty
added 2018/01/31 6:46 p.m., 12 views

syracuse.edu XSS vulnerability

Open Bug Bounty ID: OBB-550442

Description | Value
---|---
Affected Website: | syracuse.edu
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated Disclosure based ...

AI score: 6.4
Exploits: 0

Openbugbounty
added 2017/12/26 3:57 a.m., 16 views

syracuse.edu XSS vulnerability

Open Bug Bounty ID: OBB-458832

Description | Value
---|---
Affected Website: | syracuse.edu
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Shee...

AI score: 6.4
Exploits: 0

Openbugbounty
added 2017/05/14 9:32 a.m., 13 views

faculty.maxwell.syr.edu XSS vulnerability

Vulnerable URL: http://faculty.maxwell.syr.edu/jishnu/quiz2.asp?start=new&p1;=&c1;=1%22%27--!%3E%3CScript%20/K/%3EconfirmOPENBUGBOUNTY%3C/Script%20/K/%3E&p2;=&c2;=

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 31.07.2017
Vulnerability type: | XSS
Vulnerability status: |...

AI score: 6.3
Exploits: 0

Openbugbounty
added 2016/09/04 11:56 p.m., 10 views

bookweb.syr.edu XSS vulnerability

Vulnerable URL: https://bookweb.syr.edu/ePOS?design=1=shared3/gm/main.html=1category=%3C/SCript%3E%3CsvG/onLoad=prompt%28/openbugbounty/%29%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed...

AI score: 6.3
Exploits: 0