90 matches found
PT-2022-24624 · Unknown · Common User Interface
Name of the Vulnerable Software and Affected Versions: Common User Interface Component affected versions not specified Description: The issue is related to some UI elements of the Common User Interface Component not properly sanitizing output, making them prone to output arbitrary HTML, which can...
CVE-2022-3783
The CVE-2022-3783 issue affects node-red-dashboard, specifically the ui_text Format Handler’s file components/ui-component/ui-component-ctrl.js. The vulnerability enables cross-site scripting (XSS) and could be exploited remotely. Public references indicate a patch exists (patch SHA 9305d1a82f19b...
CVE-2022-3783 node-red-dashboard ui_text Format ui-component-ctrl.js cross site scripting
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The manipulation leads to cross site scripting. The attack may be...
jenkins -- XSS vulnerability
Jenkins Security Advisory: Description High SECURITY-2886 / CVE-2022-41224 Jenkins 2.367 through 2.369 both inclusive does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI. This results in a stored cross-site scripting XSS vulnerability exploitable...
SmallRye Health UI Cross-site Scripting vulnerability
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
CVE-2021-3914
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...
CVE-2022-31193
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...
CVE-2022-31191
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...
Design/Logic Flaw
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may ...
CVE-2022-31192 Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...
CVE-2022-31193 URL Redirection to Untrusted Site in Dspace JSPUI
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...
CVE-2022-31189
The CVE-2022-31189 issue affects the DSpace JSPUI component. When an internal system error occurs in the JSPUI, the application exposes the entire exception stack trace, which can disclose sensitive information. Affected product: DSpace JSPUI (UI for the repository app). Root cause: unsealed erro...
The vulnerability of the UI & Visualization component of the Oracle Hyperion BI+ service allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the UI & visualization component of the Oracle Hyperion BI+ service exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information using the HTTP protocol...
MAL-2022-6944 Malicious code in visitor-ui-component-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95f13a6c30831b007d0a2ad374f667a871ceda94737f3f1593edcc5f2b9fcd12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in visitor-ui-component-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95f13a6c30831b007d0a2ad374f667a871ceda94737f3f1593edcc5f2b9fcd12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6945 Malicious code in visitor-ui-component-library-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a49ce3e79a28efd550ad3f4e2395fef81eb43c22efdaf89af060d89fd4649e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6748 Malicious code in ui-component-icon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9610c2f8d11b979d1eb35782d93fafa64ebfa1b8a1220d3ac0243f40beab69a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ui-component-icon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9610c2f8d11b979d1eb35782d93fafa64ebfa1b8a1220d3ac0243f40beab69a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the Google Chrome browser’s UI component, allowing a hacker to execute arbitrary code
The vulnerability of the Google Chrome browser’s UI component is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Cisco Application Policy Infrastructure Controller Stored XSS (cisco-sa-capic-scss-bFT75YrM)
According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by a stored cross-site scripting XSS vulnerability in its Web UI component due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can...