8020 matches found
IBM Datacap Navigator Cross-Site Scripting Vulnerability
IBM Datacap Navigator is a Web client for Datacap from International Business Machines (IBM). IBM Datacap Navigator suffers from a cross-site scripting vulnerability that originates from allowing arbitrary JavaScript code to be embedded in the Web UI, which could alter the intended functionality an...
CVE-2024-40690
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 29772...
PT-2024-4960 · Ibm · Ibm Datacap Navigator
Name of the Vulnerable Software and Affected Versions: IBM Datacap Navigator versions 9.1.5 through 9.1.9 Description: The issue exists due to insufficient protection of the web page structure, allowing for stored cross-site scripting attacks. This enables users to embed arbitrary JavaScript code...
PT-2024-28986 · Ibm · Ibm Infosphere Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Server version 11.7 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
PT-2024-5559
Name of the Vulnerable Software and Affected Versions: FortiAIOps version 2.0.0 Description: The issue is related to insufficient session expiration in the FortiAIOps graphical user interface, allowing an attacker to reuse stolen old session tokens. This could enable a remote attacker to gain...
KLA70407 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, and spoof the user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft SharePoint...
IBM Cloud Pak for Business Automation Cross-Site Scripting Vulnerability
IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines (IBM), built for any hybrid cloud, designed to automate work and accelerate business growth. IBM Cloud Pak for Business Automation suffers from a cross-site scripting...
PT-2024-27629 · Ibm · Ibm Cloud Pak For Business Automation
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 18.0.0 through 23.0.2 Description: This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
The vulnerability of the Firefox Focus browser on iOS operating systems allows a hacker to perform spoofing attacks.
The vulnerability of the Firefox Focus browser on iOS operating systems is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...
The vulnerability of Firefox browser for iOS, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Firefox browser for iOS is related to information representation errors in the user interface. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks using the address bar attribute cpLocation...
CVE-2024-20891
Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2024-37065)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...
PT-2024-18804 · Systemui · Systemui
Name of the Vulnerable Software and Affected Versions: SystemUI versions prior to SMR Jul-2024 Release 1 Description: The issue is related to improper access control in the launchFullscreenIntent of SystemUI, allowing local attackers to launch privileged activities. Recommendations: For versions...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2024-30211)
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
CVE-2024-28200
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the...
CVE-2024-37146 GHSL-2023-248: Flowise xss in /api/v1/credentials/id
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...
CVE-2024-37145
Flowise v1.4.3 exposes a reflected XSS in /api/v1/chatflows-streaming/id. An unauthenticated user can craft a URL to inject JavaScript, potentially exfiltrating data, creating popups, or redirecting users, with reflection on 404 HTML pages enabling script attachment. This XSS may be chained with ...
CVE-2024-36421
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration unauthenticated,...
PT-2024-22335
Name of the Vulnerable Software and Affected Versions: N-central versions prior to 2024.2 Description: The issue concerns an authentication bypass of the user interface. It was discovered through an internal source code review, and there have been no observed exploitations in the wild...
CVE-2024-28797
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...