IBM Cognos Analytics Web UI Cross-Site Scripting Vulnerability (CNVD-2024-15375)
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). A cross-site scripting vulnerability exists in the IBM Cognos Analytics Web UI, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain...
PT-2024-12317 · IBM · IBM Connect:Express for UNIX
Name of the Vulnerable Software and Affected Versions: IBM Connect:Express for UNIX version 1.5.0 Description: The issue is related to a buffer overflow that could allow a remote attacker to cause a denial of service through the browser UI. Recommendations: For IBM Connect:Express for UNIX versio...
PT-2024-12713 · IBM · IBM CICS TX Advanced
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Advanced version 10.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
CVE-2023-43054
IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...
Huawei HarmonyOS and EMUI Package Management Module Privilege Control Class Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege control type vulnerability exists in the...
Huawei HarmonyOS and EMUI Lock Screen Module Privilege Management Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege management vulnerability exists in the...
IBM Engineering Requirements Management DOORS Next Cross-Site Scripting Vulnerability
IBM Engineering Requirements Management DOORS is a requirements management tool. A cross-site scripting vulnerability exists in IBM Engineering Requirements Management DOORS, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI...
PYSEC-2024-245
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...
PT-2024-2161 · IBM · IBM Engineering Test Management
Name of the Vulnerable Software and Affected Versions: IBM Engineering Test Management versions 7.0.2 through 7.0.3 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in incorrect restrictions on the number of user interface layers or frames that can be displayed. This allows attackers to execute arbitrary code.
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an incorrect limitation on the number of user interface layers or frames that can be displayed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-50303
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in the authentication process, which allows a malicious individual to alter the settings of the user interface for project management.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to modify the settings of the user interface for project...
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, related to information representation errors in the user interface, allow attackers to perform spear-phishing attacks.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to information representation errors in the user interface. Exploiting these vulnerabilities can allow attackers to perform spear-phishing attacks using full-screen notifications...
The vulnerability of the Microsoft Azure Active Directory B2C access and identity management service, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft Azure Active Directory B2C access and identity management service is related to information representation errors in the user interface. Exploiting this vulnerability could allow a malicious actor to perform spear-phishing attacks remotely...
PT-2024-2053 · IBM · IBM Engineering Requirements Management DOORS
Name of the Vulnerable Software and Affected Versions: IBM Engineering Requirements Management versions 9.7.2.7 Description: The issue exists due to insufficient protection of the web page structure, allowing a remote attacker to exploit it and potentially disclose protected information. This...
CVE-2024-0551
Enable exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...
PT-2024-13894 · IBM · IBM InfoSphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
The vulnerability of Microsoft Edge browser on Android, related to information representation errors in the user interface, allows a hacker to perform a spear-phishing attack.
The vulnerability of Microsoft Edge browser on Android is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform a spear-phishing attack...
CVE-2023-38359
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
IBM Cognos Analytics Cross-Site Scripting Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). A cross-site scripting vulnerability exists in the IBM Cognos Analytics Web UI, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain...