
8021 matches found

OSV
added 2023/03/07 10:15 p.m. | 0 views

UBUNTU-CVE-2023-1235

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. Chromium security severity: Low...

CVSS 6.3 | AI score 7.3 | EPSS 0.0042
Exploits: 0 | References: 5

BDU FSTEC
added 2023/03/06 12:0 a.m. | 6 views

The vulnerability of the PowerScale OneFS operating system, related to deficiencies in user interface security, allows attackers to disclose protected information.

The vulnerability of the PowerScale OneFS operating system is related to security flaws in the user interface. Exploiting this vulnerability could allow a malicious actor, operating remotely, to expose sensitive information that is protected by the system...

CVSS 5.5 | AI score 6.5 | EPSS 0.00489
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/03/03 10:15 p.m. | 1 views

CVE-2023-26213

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/updatecertificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain...

CVSS 7.2 | AI score 6 | EPSS 0.07878
Exploits: 3 | References: 4

Prion
added 2023/03/03 4:15 p.m. | 12 views

Cross site scripting

A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVSS 5.8 | AI score 6 | EPSS 0.00481
Exploits: 0 | References: 1

Vulnrichment
added 2023/03/03 12:0 a.m. | 13 views

CVE-2023-20104 Cisco Webex App for Web Cross-Site Scripting Vulnerability

A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVSS 6.1 | AI score 6.4 | EPSS 0.00481
Exploits: 0 | References: 1

OpenVAS
added 2023/03/03 12:0 a.m. | 24 views

Mozilla Thunderbird Security Advisories (MFSA2023-05, MFSA2023-07) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 8.8 | AI score 8.7 | EPSS 0.00817
Exploits: 0 | References: 1

OSV
added 2023/03/02 9:15 p.m. | 4 views

CVE-2022-35645

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVSS 5.4 | AI score 5.5
Exploits: 0 | References: 3

OSV
added 2023/03/02 1:52 p.m. | 7 views

SUSE-SU-2023:0599-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Updated Mozilla Thunderbird to version 102.8.0 bsc1208144:
- CVE-2023-0616: Fixed User Interface lockup via messages combining S/MIME and OpenPGP.
- CVE-2023-25728: Fixed content security policy leak in violation reports using iframes...

CVSS 8.8 | AI score 7.5 | EPSS 0.00817
Exploits: 1 | References: 15

OSV
added 2023/03/01 7:15 p.m. | 2 views

CVE-2022-4901

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim...

CVSS 6.1 | AI score 5.8 | EPSS 0.00337
Exploits: 0 | References: 1

BDU FSTEC
added 2023/03/01 12:0 a.m. | 6 views

The vulnerability of the Full Screen Mode implementation of the Google Chrome browser, which allows a hacker to alter the content of the user interface

The vulnerability of Google Chrome’s full-screen mode implementation is related to errors in data type mixing. Exploiting this vulnerability allows a malicious actor to modify the content of the user interface remotely by using a specially crafted HTML page...

CVSS 7.8 | AI score 6.9 | EPSS 0.00514
Exploits: 0 | References: 6 | Affected Software: 3

BDU FSTEC
added 2023/02/27 12:0 a.m. | 7 views

The vulnerability of Microsoft Edge browsers, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge browsers is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using a specially created malicious web page...

CVSS 5 | AI score 6.4 | EPSS 0.00729
Exploits: 0 | References: 4 | Affected Software: 1

Huntr
added 2023/02/25 9:11 a.m. | 26 views

UI REDRESSING

Description: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Steps To Reproduce: 1. Create a New HTML file as shown in below i....

CVSS 5.8 | AI score 6.2 | EPSS 0.01411
Exploits: 1 | References: 2

OSV
added 2023/02/25 1:15 a.m. | 5 views

DEBIAN-CVE-2023-25825

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This i...

CVSS 6.1 | AI score 6.9 | EPSS 0.0071
Exploits: 1 | References: 1

OSV
added 2023/02/25 1:15 a.m. | 3 views

UBUNTU-CVE-2023-25825

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This i...

CVSS 7.7 | AI score 7.2 | EPSS 0.0071
Exploits: 1 | References: 6

OSV
added 2023/02/22 6:15 p.m. | 3 views

CVE-2022-41567

The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2023/02/22 6:15 p.m. | 3 views

CVE-2022-43873

An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847...

CVSS 8.8 | AI score 5.9 | EPSS 0.00614
Exploits: 0 | References: 2

Rockylinux
added 2023/02/22 1:9 a.m. | 46 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...

CVSS 8.8 | AI score 1 | EPSS 0.00817
Exploits: 0

CNNVD
added 2023/02/22 12:0 a.m. | 4 views

IBM Sterling B2B Integrator cross-site scripting vulnerability

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

CVSS 5.4 | AI score 6.1 | EPSS 0.00371
Exploits: 0 | References: 3

F5 Networks
added 2023/02/21 8:2 p.m. | 15 views

K61045143: Configuration utility CSRF vulnerability

Security Advisory Description: A cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, may allow a malicious site to force an administrative session to log out and require re-authentication. Impact: A remote...

AI score 6.7
Exploits: 0 | Affected Software: 14

F5 Networks
added 2023/02/21 6:59 p.m. | 53 views

K44603900: BIG-IP Configuration utility vulnerability CVE-2019-6598

Security Advisory Description: Malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role other than the No Access role. The No Access user...

CVSS 4.3 | AI score 4.8 | EPSS 0.0105
Exploits: 0 | Affected Software: 14