Seiko Solutions SkyBridge 安全漏洞

Seiko Solutions SkyBridge is a series of routers from Seiko Solutions Japan. A security vulnerability exists in the Seiko Solutions SkyBridge MB-A100/110. An authenticated, remote attacker could exploit the vulnerability to change the product's WebUI password...

CVE-2023-28317

A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order...

KLA49166 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in Content proce...

SAP CRM 跨站脚本漏洞

SAP CRM is a customer relationship management system from SAP, a German company. A cross-site scripting vulnerability exists in the SAP CRM WebClient UI that stems from not adequately coding user-controlled input. An attacker exploiting the vulnerability could read and modify some sensitive...

PT-2023-2885 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome on ChromeOS versions prior to 113.0.5672.114 Description: The issue is related to a use after free in the ChromeOS Camera component, which could allow a remote attacker to potentially exploit heap corruption via specific UI...

KLA49165 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, execute arbitrary code, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Out of bounds...

PYSEC-2023-60

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0...

PT-2025-1389 · Ibm · Ibm Sterling B2B Integrator

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 IBM Sterling B2B Integrator version 6.2.0.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentiall...

NetScaler firmware upgrade to 13.1-42.47 or later versions failing from GUI

NetScalers havingany builds of 12.1 or 13.0 version or earlier than 13.1-42.47 cannot perform an upgrade to the version 13.1-42.47 or later through GUI. Trying to perform an upgrade through GUI reports an error "file too large" or UI might hang...

SUSE CVE-2023-2461

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: Medium...

D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the web-based user interface. The...

DEBIAN-CVE-2023-2461

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: Medium...

DEBIAN-CVE-2023-2466

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. Chromium security severity: Low...

DEBIAN-CVE-2023-2468

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. Chromium security severity: Low...

PT-2023-2780 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions prior to the fixed version Description: Multiple reflected cross-site scripting XSS vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility, allowing an attacker to run JavaScript in the context of the...

CVE-2023-25492

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API...

CVE-2022-43871

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

PT-2023-14381 · Ibm · Ibm Financial Transaction Manager For Swift Services

Name of the Vulnerable Software and Affected Versions: IBM Financial Transaction Manager for SWIFT Services version 3.2.4 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...

PT-2023-19198 · Ubiquiti · Edgerouter X

Name of the Vulnerable Software and Affected Versions: Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6 Description: A critical issue affects some unknown functionality of the Web Management Interface component. The manipulation of the suffix-rate-up argument leads to command injection. The...

PT-2023-2716 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to perform a spoofing attack...