PT-2023-8358 · Apple · Safari +1
Name of the Vulnerable Software and Affected Versions: Safari versions prior to macOS Sonoma 14.1. Description: The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to spoof the user interface. Visiting a malicious...
PT-2023-9663
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 17.1; iOS versions prior to 16.7.2 and prior to 17.1; iPadOS versions prior to 16.7.2 and prior to 17.1; macOS Sonoma versions prior to 14.1. Description: The issue is related to an inconsistent user interface that was...
KLA61568 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Information disclosure vulnerability ca...
KLA61569 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Information disclosure vulnerabilit...
KLA61570 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Information disclosure vulnerabilit...
CVE-2023-33840
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037...
CVE-2023-38722
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
IBM Security Verify Governance cross-site scripting vulnerability
IBM Security Verify Governance is an identity and access management solution provided by IBM. It is a software system for managing and monitoring user identities, permissions and access. A cross-site scripting vulnerability exists in IBM Security Verify Governance, which can be exploited by an...
CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these...
The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...
Oracle Primavera Unifier (October 2023 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (jQueryUI)). Supported versions th...
CVE-2023-20261
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...
Cisco Catalyst security vulnerability
Cisco Catalyst SD-WAN Manager is an open and secure management console for cloud-level architectures. A local file inclusion vulnerability exists in the Cisco Catalyst SD-WAN Manager web UI, which can be exploited by a remote attacker to submit a special request that can read the contents of a...
PT-2023-17423 · Cisco · Cisco Catalyst Sd-Wan Manager
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager (affected versions not specified). Description: A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This...
CVE-2023-22083
Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise...
VulnCheck KEV: CVE-2023-20273
Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited...
Cisco IOS XE Software security vulnerability
Cisco IOS XE is an operating system developed by Cisco for its network devices. Web UI is a feature of IOS XE software designed to simplify the deployment, management process, and enhance the user experience. The Cisco IOS XE Software web UI elevation of privilege vulnerability can be exploited by...
Vulnerability fixed in Cisco IOS XE
Cisco has fixed a vulnerability in IOS XE. This vulnerability allows an unauthenticated malicious person to remotely create an account, with access level 15, on an affected device. Through that account, full control over the affected device can be obtained. As mitigating measures, Cisco makes the following...
PT-2023-6168
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software versions prior to a patch (affected versions not specified). Description: Cisco is aware of active exploitation of a critical, unauthenticated remote code execution vulnerability CVE-2023-20198 in the web UI feature of Cisco...
CVE-2023-35024
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend...