69 matches found
PT-2024-40900 · Crateio · Cratedb
Name of the Vulnerable Software and Affected Versions: CrateDB version 5.5.1 Description: The issue concerns an authentication bypass in the Admin UI component. It can be exploited by setting the X-Real-IP request header to a specific value, allowing access to the Admin UI using the default user...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to...
PT-2023-25099 · Ibm · Ibm Cloud Pak For Business Automation
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 18.0.0 through 22.0.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...
CVE-2022-22512 VARTA: Multiple devices prone to hard-coded credentials
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network...
CVE-2022-45096
Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information...
CVE-2022-45096
Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information...
Cross-site Scripting (XSS)
spark-core2.12 is vulnerable to cross-site scripting. The vulnerability exists because the loadMore function of log-view.js does not properly escape the log content rendered in UI, allowing an attacker to inject and execute a malicious JavaScript payload into the logs...
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty
Summary There are multiple vulnerabilities in Jetty Server. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in t...
Argo CD's external URLs for Deployments can include JavaScript
Impact All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions up to and including admin. The scri...
GHSA-VPJM-58CW-R8Q5 Arbitrary file read vulnerability in workspace browsers in Jenkins
The file browser for workspaces, archived artifacts, and $JENKINSHOME/userContent/ follows symbolic links to locations outside the directory being browsed in Jenkins 2.274 and earlier, LTS 2.263.1 and earlier. This allows attackers with Job/Workspace permission and the ability to control workspac...
IBM Jazz for Service Management和IBM Tivoli Netcool/OMNIbus_GUI 跨站脚本漏洞
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...
Google Chrome 注入漏洞
Google Chromium is an open source web browser from Google USA. A security vulnerability previously existed in Chromium version 90.0.4430.212. The vulnerability stems from an incorrect security UI security issue found in the Web App Installs component of the program. No details of the vulnerabilit...
CVE-2021-20518
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437...
DEBIAN-CVE-2021-21170
Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page...
ui.mysodalis.com Cross Site Scripting vulnerability OBB-1426347
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using tags in the method descriptions. Recommendation Upgrade to version 2.2.1 or later...
CVE-2020-15391
The UI in DevSpace 4.13.0 allows web sites to execute actions on pods on behalf of a victim because of a lack of authentication for the WebSocket protocol. This leads to remote code execution...
Cross-site Scripting (XSS)
Overview stroom:stroom-app is a highly scalable data storage, processing and analysis platform Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue...
Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2019-4211)
Summary IBM QRadar SIEM is vulnerable to cross site scripting XSS Vulnerability Details CVEID: CVE-2019-4211 Description: IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2019-1003050
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting XSS vulnerability exploitable by users with the ability to control job names...