
8014 matches found

OSV
added 2025/01/27 4:15 p.m. · 2 views

CVE-2023-52292

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi...

CVSS 5.4 · AI score 5.5 · EPSS 0.00209
Exploits: 0 · References: 1

OSV
added 2025/01/27 4:15 p.m. · 1 view

UBUNTU-CVE-2024-45598

Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the Poller Standard Error Log Path parameter in either Installation Step 5 or in Configuration-Settings-Paths tab to a local file inside the server. Then simply going to Logs tab and...

CVSS 6 · AI score 7.3 · EPSS 0.02821
Exploits: 1 · References: 4

OSV
added 2025/01/27 2:15 a.m. · 3 views

CVE-2023-46187

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 · AI score 5.5 · EPSS 0.00257
Exploits: 0 · References: 1

CNNVD
added 2025/01/27 12:0 a.m. · 3 views

Apple iOS and iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 18.3 and iPadOS version 18.3, which originates from a visit to a...

CVSS 4.3 · AI score 8.7 · EPSS 0.00748
Exploits: 0 · References: 5

Apple
added 2025/01/27 12:0 a.m. · 425 views

About the security content of Safari 18.3

About the security content of Safari 18.3 This document describes the security content of Safari 18.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 8.8 · AI score 7.4 · EPSS 0.02777
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/01/27 12:0 a.m. · 2 views

PT-2025-1557 · Ibm · Ibm Sterling File Gateway

Name of the Vulnerable Software and Affected Versions: IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.3 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality an...

CVSS 6.4 · AI score 6.5 · EPSS 0.00209
Exploits: 0 · References: 4

BDU FSTEC
added 2025/01/27 12:0 a.m. · 5 views

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to replace the user interface.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...

CVSS 5 · AI score 7.5 · EPSS 0.05892
Exploits: 1 · References: 11 · Affected Software: 8

BDU FSTEC
added 2025/01/27 12:0 a.m. · 3 views

The vulnerability of the Frames component in Google Chrome and Microsoft Edge allows attackers to bypass existing security restrictions and perform substitution attacks on user interfaces.

The vulnerability of the Frames component in Google Chrome and Microsoft Edge involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the user interface with a specially created HTML page...

CVSS 7.8 · AI score 6.5 · EPSS 0.00268
Exploits: 1 · References: 11 · Affected Software: 8

BDU FSTEC
added 2025/01/27 12:0 a.m. · 2 views

The vulnerability of the Navigation function in Google Chrome and Microsoft Edge allows a hacker to bypass existing security restrictions and perform a substitution of the user interface.

The vulnerability of the Navigation function in Google Chrome and Microsoft Edge relates to bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the user interface with a specially created HTML...

CVSS 7.8 · AI score 5.6 · EPSS 0.00334
Exploits: 1 · References: 6 · Affected Software: 6

BDU FSTEC
added 2025/01/27 12:0 a.m. · 4 views

The vulnerability of the Payments component in Google Chrome and Microsoft Edge allows a hacker to bypass existing security restrictions and perform a substitution of the user interface.

The vulnerability of the Payments component in Google Chrome and Microsoft Edge involves exploiting authentication bypass techniques. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the user interface with a specially created HTML pa...

CVSS 7.8 · AI score 6.5 · EPSS 0.00333
Exploits: 1 · References: 11 · Affected Software: 8

BDU FSTEC
added 2025/01/27 12:0 a.m. · 3 views

Vulnerability of the UI module for business management in Bitrix24 and the 1C-Bitrix content management system: A module that allows attackers to execute arbitrary code

Vulnerability of the UI module for business management in Bitrix24 and the 1C-Bitrix website content management system: Website management involves failing to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a speciall...

CVSS 7.5 · AI score 6
Exploits: 0 · Affected Software: 1

BDU FSTEC
added 2025/01/27 12:0 a.m. · 3 views

The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge allows a hacker to bypass existing security restrictions and perform a substitution of the user interface.

The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge relates to the bypassing of authentication processes through spoofing techniques. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the use...

CVSS 7.8 · AI score 5.6 · EPSS 0.00419
Exploits: 1 · References: 6 · Affected Software: 6

OSV
added 2025/01/25 3:15 p.m. · 2 views

CVE-2024-35145

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 6.1 · AI score 5.4 · EPSS 0.00238
Exploits: 0 · References: 1

CNVD
added 2025/01/24 12:0 a.m. · 7 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2025-02830)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Jazz Foundation. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web ...

CVSS 5.4 · AI score 6 · EPSS 0.00215
Exploits: 0 · References: 1

Kaspersky
added 2025/01/24 12:0 a.m. · 12 views

KLA79353 SUI vulnerability in Microsoft Browser

Security UI vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2025-21262 Related products Microsoft-Edge CVE list CVE-2025-21262 high Solution Install necessary updates from the KB section, that are listed...

CVSS 5.4 · AI score 5.4 · EPSS 0.00377
Exploits: 0 · References: 3

Positive Technologies
added 2025/01/24 12:0 a.m. · 1 view

PT-2025-1304 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, allowing an unauthorized attacker to perform spoofing attacks over a network...

CVSS 6.4 · AI score 6.5 · EPSS 0.00377
Exploits: 0 · References: 11

OSV
added 2025/01/23 6:15 p.m. · 2 views

CVE-2025-23227

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

CVSS 5.4 · AI score 5.5 · EPSS 0.00218
Exploits: 0 · References: 1

OSV
added 2025/01/23 3:15 a.m. · 3 views

CVE-2023-32340

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 · AI score 5.4 · EPSS 0.00215
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/23 12:0 a.m. · 3 views

PT-2025-2665 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by use...

CVSS 6.5 · AI score 6.7 · EPSS 0.00368
Exploits: 0 · References: 8

Veracode
added 2025/01/22 5:12 a.m. · 8 views

Cross-Site Request Forgery (CSRF)

typo3/cms-lowlevel is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of deep links in the backend user interface, caused by insufficient enforcement of HTTP methods and reliance on misconfigured security settings, and allows an attacker to manipulate...

CVSS 6.5 · AI score 6.8 · EPSS 0.00218
Exploits: 0 · References: 4 · Affected Software: 1