Lucene search
+L

69 matches found

ptsecurity
ptsecurity
added 2024/01/30 12:0 a.m.3 views

PT-2024-40900 · Crateio · Cratedb

Name of the Vulnerable Software and Affected Versions: CrateDB version 5.5.1 Description: The issue concerns an authentication bypass in the Admin UI component. It can be exploited by setting the X-Real-IP request header to a specific value, allowing access to the Admin UI using the default user...

9.8CVSS7.3AI score
Exploits0References2
prion
prion
added 2023/12/01 7:15 a.m.17 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to...

5CVSS6.6AI score0.00546EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2023/10/14 12:0 a.m.4 views

PT-2023-25099 · Ibm · Ibm Cloud Pak For Business Automation

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 18.0.0 through 22.0.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...

7.6CVSS7.3AI score0.00354EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2023/03/23 5:32 a.m.9 views

CVE-2022-22512 VARTA: Multiple devices prone to hard-coded credentials

Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network...

9.8CVSS9.6AI score0.00675EPSS
Exploits0References1
nvd
nvd
added 2023/02/01 5:15 a.m.29 views

CVE-2022-45096

Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information...

6.5CVSS5.8AI score0.00489EPSS
Exploits0References1
cvelist
cvelist
added 2023/02/01 4:56 a.m.31 views

CVE-2022-45096

Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information...

5.4CVSS6.7AI score0.00489EPSS
Exploits0References1
veracode
veracode
added 2022/11/02 2:13 a.m.31 views

Cross-site Scripting (XSS)

spark-core2.12 is vulnerable to cross-site scripting. The vulnerability exists because the loadMore function of log-view.js does not properly escape the log content rendered in UI, allowing an attacker to inject and execute a malicious JavaScript payload into the logs...

5.4CVSS5.7AI score0.01473EPSS
Exploits0References6Affected Software1
ibm
ibm
added 2022/06/21 8:15 p.m.40 views

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty

Summary There are multiple vulnerabilities in Jetty Server. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in t...

7.8CVSS0.4AI score0.99298EPSS
Exploits16Affected Software1
github
github
added 2022/06/21 8:4 p.m.37 views

Argo CD's external URLs for Deployments can include JavaScript

Impact All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions up to and including admin. The scri...

9CVSS5.6AI score0.00915EPSS
Exploits0References5Affected Software2
osv
osv
added 2022/05/24 5:39 p.m.3 views

GHSA-VPJM-58CW-R8Q5 Arbitrary file read vulnerability in workspace browsers in Jenkins

The file browser for workspaces, archived artifacts, and $JENKINSHOME/userContent/ follows symbolic links to locations outside the directory being browsed in Jenkins 2.274 and earlier, LTS 2.263.1 and earlier. This allows attackers with Job/Workspace permission and the ability to control workspac...

6.5CVSS6.3AI score0.02226EPSS
Exploits0References4
cnnvd
cnnvd
added 2021/09/22 12:0 a.m.4 views

IBM Jazz for Service Management和IBM Tivoli Netcool/OMNIbus_GUI 跨站脚本漏洞

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...

6.4CVSS6.1AI score0.0048EPSS
Exploits0References3
cnnvd
cnnvd
added 2021/05/10 12:0 a.m.4 views

Google Chrome 注入漏洞

Google Chromium is an open source web browser from Google USA. A security vulnerability previously existed in Chromium version 90.0.4430.212. The vulnerability stems from an incorrect security UI security issue found in the Web App Installs component of the program. No details of the vulnerabilit...

8.8CVSS5.5AI score0.00831EPSS
Exploits0References15
osv
osv
added 2021/03/30 5:15 p.m.4 views

CVE-2021-20518

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437...

5.4CVSS5.9AI score0.00502EPSS
Exploits0References2
osv
osv
added 2021/03/09 6:15 p.m.1 views

DEBIAN-CVE-2021-21170

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page...

6.5CVSS7.2AI score0.01599EPSS
Exploits1References1
openbugbounty
openbugbounty
added 2020/10/20 2:9 a.m.7 views

ui.mysodalis.com Cross Site Scripting vulnerability OBB-1426347

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
github
github
added 2020/09/11 9:21 p.m.30 views

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using tags in the method descriptions. Recommendation Upgrade to version 2.2.1 or later...

5.3AI score
Exploits0References3Affected Software1
osv
osv
added 2020/07/23 8:15 p.m.13 views

CVE-2020-15391

The UI in DevSpace 4.13.0 allows web sites to execute actions on pods on behalf of a victim because of a lack of authentication for the WebSocket protocol. This leads to remote code execution...

9.8CVSS8.1AI score
Exploits0References2
snyk
snyk
added 2020/01/09 11:56 a.m.2 views

Cross-site Scripting (XSS)

Overview stroom:stroom-app is a highly scalable data storage, processing and analysis platform Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue...

8.1CVSS5.6AI score0.00906EPSS
Exploits1References2
ibm
ibm
added 2019/07/10 3:40 p.m.22 views

Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2019-4211)

Summary IBM QRadar SIEM is vulnerable to cross site scripting XSS Vulnerability Details CVEID: CVE-2019-4211 Description: IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

5.4CVSS1.2AI score0.00673EPSS
Exploits0Affected Software1
alpinelinux
alpinelinux
added 2019/04/10 8:12 p.m.40 views

CVE-2019-1003050

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting XSS vulnerability exploitable by users with the ability to control job names...

5.4CVSS5.5AI score0.01346EPSS
Exploits0
Rows per page
Query Builder