8021 matches found
PT-2023-5489 · Google +1 · Google Chrome +1
Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 117.0.5938.62 Description: The issue is related to an inappropriate implementation in Intents, allowing a remote attacker to obfuscate security UI via a crafted HTML page. This could potentially enab...
CVE-2022-22402
IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571...
IBM Aspera Cross-Site Scripting Vulnerability
IBM Aspera is a suite of fast file transfer and streaming solutions from International Business Machines (IBM) built on the IBM FASP protocol. A cross-site scripting vulnerability exists in IBM Aspera Faspex version 5.0.5, which originates from a vulnerability that allows a user to embed arbitrary...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023)
Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
The vulnerability of the Microsoft OneNote note-taking software, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft OneNote note-taking software relates to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
KLA59908 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds memory access vulnerability in FedCM can be exploited to...
The vulnerability of Microsoft SharePoint Server’s software packages, related to errors in information presentation on the user interface, allows attackers to perform spoofing attacks.
The vulnerability of Microsoft SharePoint Server packages is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...
Tinycontrol LAN Controller 3 Remote Credential Extraction Exploit
!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...
KLA52675 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Memor...
The vulnerability of the web-server of the programmable logical controller ioLogik arises from an improper limitation on the displayed layers of the user interface. This allows an intruder to compromise the integrity of the protected information.
The vulnerability of the web-server of the programmable logical controller ioLogik is related to an incorrect limitation on the displayed layers of the user interface. Exploiting this vulnerability allows a remote attacker to compromise the integrity of the protected information...
CVE-2022-43909
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905...
CVE-2023-30435
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
PT-2023-14393 · IBM · IBM Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 11.4 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
PT-2023-22689 · IBM · IBM Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium versions 11.3 through 11.5 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
Cisco Evolved Programmable Network Manager XSS (cisco-sa-pi-epnm-storedxss-tTjO62r)
The version of Cisco Evolved Programmable Network Manager installed on the remote host is 7.0 or earlier. It is, therefore, affected by a cross-site scripting (XSS) vulnerability. Due to insufficient validation of user input, an unauthenticated, remote attacker can inject malicious code into...
Cisco Prime Infrastructure XSS (cisco-sa-pi-epnm-storedxss-tTjO62r)
The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.4. It is, therefore, affected by a cross-site scripting (XSS) vulnerability. Due to insufficient validation of user input, an unauthenticated, remote attacker can inject malicious code into specific pages of th...
KLA61310 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Audio can be exploited to cause denial of servi...
Cross Site Scripting (XSS)
Keycloak is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to not sanitizing the username field when the same field is displayed back to the user on the user interface through the browser. The attacker can include a malicious script in the username field and make that username field...
ncurses Buffer Error Vulnerability
ncurses is a character terminal processing library that provides a set of functions that can be called by the user to generate a text-based user interface. A security vulnerability exists in ncurses version 6.1 due to a buffer overflow in the fmtentry method of progs/dumpentry.c. The vulnerabilit...
The vulnerability of the Microsoft .NET Framework software, related to errors in user interface information representation, allows attackers to perform spear-phishing attacks.
Vulnerability of the Microsoft .NET Framework software platform, related to errors in user interface information presentation. Exploitation of this vulnerability can allow attackers to perform spear-phishing attacks remotely...