The vulnerability of the User Admin Application component of the SAP NetWeaver AS for Java software, which is used for creating and deploying web applications, allows a attacker to perform XSS attacks.

The vulnerability of the User Admin Application component of the SAP NetWeaver AS for Java software used for creating and deploying web applications is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to carry out XSS...

CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS

The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

The vulnerability of the User Admin Application component of the SAP NetWeaver AS for Java software, used for creating and deploying web applications, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the User Admin Application component in the SAP NetWeaver AS for Java software for creating and deploying web applications is related to improper cleaning during exception handling. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity,...

SAP NetWeaver AS Java Information Disclosure (April 2024)

SAP NetWeaver Application Server for Java is affected by an information disclosure vulnerability. 'Self-Registration' and 'Modify your own profile' in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. Th...

PT-2024-2864 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java affected versions not specified Description: The issue is related to the User Admin Application in SAP NetWeaver AS Java, where the self-registration and profile modification functions do not enforce proper security...

CVE-2024-22126

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...

CVE-2024-22126

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...

Cross site scripting

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...

CVE-2024-22126 Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...

CVE-2024-22126 Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting XSS vulnerability, leading to a high impact on confidentiality and...

PT-2024-4513 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50 Description: The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results ...

specimentrees.com Cross Site Scripting vulnerability OBB-3776010

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Design/Logic Flaw

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

CVE-2023-42321

Cross Site Request Forgery CSRF vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files...

CVE-2023-4009 Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation...

PT-2023-27262 · Mongodb · Mongodb Ops Manager

Name of the Vulnerable Software and Affected Versions: MongoDB Ops Manager versions 5.0 through 5.0.21 MongoDB Ops Manager versions 6.0 through 6.0.16 Description: The issue allows an authenticated user with project owner or project user admin access to generate an API key with the privileges of...

WordPress WordPress User Management and User Admin Plugin – User Magic Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software WordPress User Management and User Admin Plugin – User Magic Type Plugin Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5dac84f1c8...

SUSE CVE-2020-7106

Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...

CVE-2022-41948 Privilege Chaining with the user admin role in dhis2-core

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an...

CVE-2022-41339

In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation...