CVE-2023-20068 Cisco Prime Infrastructure Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient...
UBUNTU-CVE-2023-1822
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
KLA48769 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof the user interface, cause denial of service, execute arbitrary code, and gain privileges. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in Navigation can be exploit...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome Picture In Picture, which stems from an incorrect security UI in Picture In Picture. An attacker can exploit this vulnerability to bypass security restrictions...
Hive Pro Unveils Enhanced Version of HivePro Uni5 Threat Exposure Management Platform v2.1.0
Featuring diversified deployment options, seamless tool integration, and a refined user interface. Milpitas, CA – 3rd April 2023 – Hive Pro, a prominent cybersecurity firm specializing in Threat Exposure Management, today introduced the version update v2.1.0 to its flagship HivePro Uni5 platform,...
CVE-2023-26283
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416...
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected XSS Vulnerabilities
Exploit Title: Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS); Exploit Author: Rian Saaty; Vendor Homepage: https://yui.github.io/yui2/; Software Link: https://yui.github.io/yui2/; Version: 2.8.2; Tested on: MacOS, WindowsOS, LinuxOS; CVE: CVE-2022-4819...
VulnCheck KEV: CVE-2022-42948
Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution...
Mageia: Security Advisory (MGASA-2023-0057)
The remote host is missing an update for the...
PT-2023-3294 · Abb · Abb My Control System
Name of the Vulnerable Software and Affected Versions: ABB My Control System on-premise versions 5.0;0 through 5.13 Description: The issue is related to insecure storage of sensitive information, allowing an attacker who successfully exploits it to gain access to secure application data or take...
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, related to information representation errors in the user interface, allow attackers to perform spear-phishing attacks.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to information representation errors in the user interface. Exploiting these vulnerabilities can allow attackers to perform spear-phishing attacks remotely...
Security Bulletin: Vulnerability in the TS3100/TS3200 Web User Interface could allow unauthorized library access (CVE-2011-1372)
Summary: Administrative access to the library may be obtained without supplying proper credentials. Vulnerability...
UBUNTU-CVE-2023-20953
In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Fortra Cobalt Strike Cross-Site Scripting Vulnerability
Fortra Cobalt Strike is an application from Fortra, Inc. that provides a post-exploitation agent and covert channel to mimic a quiet, long-term embedded participant in a customer's network. A security vulnerability exists in Fortra Cobalt Strike version 4.7.1, which stems from the inability to proper...
CVE-2022-22512
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network...
The vulnerability of the Azure Service Fabric distributed system, related to errors in information representation by the user interface, allows a hacker to perform a spoofing attack.
The vulnerability of the Azure Service Fabric distributed system is related to errors in information representation by the user interface. Exploiting this vulnerability may allow a malicious actor to perform a spoofing attack remotely...
PT-2023-21890 · Jenkins · Jenkins Jacoco Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JaCoCo Plugin versions 3.3.2 and earlier Description: The issue is a stored cross-site scripting (XSS) vulnerability. It occurs because class and method names shown on the UI are not escaped, allowing attackers who can control input fil...
VARTA Storage Trust Management Issue Vulnerability
VARTA Storage is VARTA's AC all-in-one system with an integrated battery inverter, ideal for retrofits or new installations. VARTA Storage suffers from a trust management issue vulnerability that stems from hard-coded credentials that allow an unauthorized attacker to gain administrative access t...
The vulnerability of Microsoft Excel editors, related to errors in information representation by the user interface, allows attackers to perform spoofing attacks.
The vulnerability of Microsoft Excel editors is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...
The vulnerability of the Microsoft Office application suite for Android, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft Office application suite for Android is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to carry out spear-phishing attacks...