IBM Cloud Pak for Business Automation Cross-Site Scripting Vulnerability
IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines (IBM), built for any hybrid cloud, designed to automate work and accelerate business growth. A security vulnerability exists in IBM Cloud Pak for Business Automation that...
PT-2023-6222 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based (affected versions not specified). Description: The issue is related to errors in presenting information to the user interface, which can allow a remote attacker to conduct spoofing attacks. Recommendations: At the...
The vulnerability of the Navigation component in Google Chrome allows attackers to carry out spoofing attacks.
The vulnerability of the Navigation component in Google Chrome is related to information representation errors in the user interface. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks using a specially created HTML page...
SUSE CVE-2023-5481
Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-30801
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...
Default credentials
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...
CVE-2023-30801
CVE-2023-30801 affects qBittorrent up to version 4.5.5, where the web UI uses default credentials and admins are not forced to change them. A remote attacker could authenticate via the Web UI's external program feature and execute OS commands. Exploitation reports existed in the wild in March 202...
PT-2023-8956
Name of the Vulnerable Software and Affected Versions: qBittorrent versions 4.5.5 and earlier. Description: The issue is related to the use of default credentials when the web user interface is enabled, allowing a remote attacker to authenticate and execute arbitrary operating system commands using...
WordPress Plugin ShortCodes UI Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-31744 · SICK · SICK APU RDT400
Name of the Vulnerable Software and Affected Versions: SICK APU RDT400 (affected versions not specified). Description: The issue allows an unprivileged remote attacker to potentially reveal sensitive information by tricking a user into clicking on an actionable item using an iframe. This is due to...
CVE-2023-3971
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise...
Design/Logic Flaw
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise...
CVE-2023-3971 Controller: html injection in custom login info
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise...
CVE-2023-3971
The CVE-2023-3971 HTML injection flaw affects Red Hat Ansible Automation Platform’s Automation Controller UI (Controller). The issue allows an attacker to craft a malicious login page to capture credentials, enabling complete compromise per the CVE description. Remediation is in RHSA-2023:4590/RH...
CVE-2023-40684
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a...
IBM FileNet Content Manager Cross-Site Scripting Vulnerability
IBM FileNet Content Manager is a flexible and full-featured content management solution. A cross-site scripting vulnerability exists in the IBM FileNet Content Manager Web UI, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive...
PT-2023-27599 · IBM · Daeja ViewOne Virtual +1
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 3.0.11 through 3.0.14 with IBM Daeja ViewOne Virtual. Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...