Lucene search
10 matches found

EUVD
added 2025/10/03 8:7 p.m.

EUVD-2022-36777

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00322
Exploits 0 | References 1
Github Security Blog
added 2025/06/27 3:1 p.m.

filebrowser allows Stored Cross-Site Scripting through the Markdown preview function

Summary: The Markdown preview function of File Browser v2.32.0 is vulnerable to Stored Cross-Site Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Impact: A user can upload a malicious Markdown file to the application which can...

CVSS 7.6 | AI score 6.3 | EPSS 0.00105
Exploits 1 | References 6 | Affected Software 2
RedhatCVE
added 2025/05/23 8:1 a.m.

CVE-2024-6586

Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to...

CVSS 7.3 | AI score 7 | EPSS 0.21987
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 7:2 p.m.

CVE-2021-1073

NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of...

CVSS 8.3 | AI score 6.7 | EPSS 0.00308
Exploits 0 | References 1
CNNVD
added 2024/03/09 12:0 a.m.

Grandstream GXP14XX and GXP16XX Security Vulnerabilities

The Grandstream GXP14XX and Grandstream GXP16XX are both a series of IP phones from American Trend Networks Grandstream. A security vulnerability exists in the Grandstream GXP14XX version 1.0.8.9 and GXP16XX version 1.0.7.13, which originates from a vulnerability that allows a remote attacker to...

CVSS 8.8 | AI score 7 | EPSS 0.00306
Exploits 0 | References 2
Prion
added 2024/02/26 4:28 p.m.

Code injection

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.02.03 and Assetwise Information Integrity Server 23.00.04.04...

AI score 7 | EPSS 0.00187
Exploits 0 | References 1
Cvelist
added 2022/07/06 3:10 p.m.

CVE-2022-33738

OpenVPN Access Server before 2.11 uses a weak random generator to create user session tokens for the web portal...

AI score 7.7 | EPSS 0.00322
Exploits 0 | References 1
NVD
added 2021/11/23 8:15 p.m.

CVE-2021-31852

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which coul...

CVSS 6.1 | EPSS 0.00912
Exploits 0 | References 1
Prion
added 2021/11/23 8:15 p.m.

Cross site scripting

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which coul...

CVSS 4.3 | AI score 6.1 | EPSS 0.00912
Exploits 0 | References 1 | Affected Software 1
Metasploit
added 2019/01/21 10:11 a.m.

Nuuo Central Management Server User Session Token Bruteforce

Nuuo Central Management Server below version 2.4 has a flaw where it sends the heap address of the user object instead of a real session number when a user logs in. This can be used to reduce the keyspace for the session number from 10 million to 1.2 million, and with a bit of analysis it can be...

CVSS 9.8 | AI score 7.7 | EPSS 0.40733
Exploits 2