Cross site scripting

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management...

Online Student Admission System Cross-Site Scripting Vulnerability

Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. A cross-site scripting vulnerability exists in the Online Student Admission System, which stems from an unknown function in its student user...

HUAWEI EMUI 安全漏洞

HUAWEI EMUI is an Android-based mobile operating system developed by China's Huawei HUAWEI. A security vulnerability exists in HUAWEI EMUI version 12.0.0, which stems from a permission control issue in the network module causing an attacker to impact service availability after successful...

The vulnerability of the User Interface component of the Oracle Health Sciences Data Management Workbench allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the User Interface component of the Oracle Health Sciences Data Management Workbench exists due to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information through HTTP...

The vulnerability of the WebUI user interface of Google Chrome browsers allows a hacker to disclose protected information.

The vulnerability of the WebUI user interface of Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

KLA12605 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in .NET can be exploited remotely to spoof user interface. ...

The vulnerability of the software web interface of Cisco Webex Meetings allows a perpetrator to compromise data integrity.

The vulnerability of Cisco Webex Meetings software’s web interface is related to incorrect restrictions on the visible layers or frames of the user interface. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...

GHSA-4WM8-C2VV-XRPQ JSPUI Possible Cross Site Scripting in "Request a Copy" Feature

Impact The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact the XMLUI or 7.x. Patches...

de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-identifiers-enduring-submission-jspui (=6.3.0) +1 more potentially affected by CVE-2022-31191 via org.dspace:dspace-jspui (>=6.0 <=6.3)

org.dspace:dspace-jspui MAVEN version =6.0, =6.2.0, =6.0, =6.3 Source cves: CVE-2022-31191 Source advisory: OSV:GHSA-C558-5GFM-P2R8...

GHSA-C558-5GFM-P2R8 JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting

Impact The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. This...

GHSA-7W85-PP86-P4PQ XMLUI's metadata of withdrawn Items is exposed to anonymous users

Impact Metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. However, this vulnerability is very low severity as Item metadata does not tend to contain highly secure or sensitiv...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. in the United States. Google Chrome version 103.0.5060.53 previously contained a security vulnerability that originated from an insecure UI in the Notifications interface...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices LauncherProvider module SMR Aug-2022 Release 1 prior to Release 1, which stems from the...

PT-2022-3966 · Vmware · Identity Manager +2

Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE Access, Identity Manager and vRealize Automation affected versions not specified Description: The issue is related to an authentication bypass vulnerability affecting local domain users. A malicious actor with network...

CVE-2022-32750

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

IBM DataPower Gateway 跨站脚本漏洞

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...

Fedora: Security Advisory for podman-tui (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-32750

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

CVE-2022-31774

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

KLA12599 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in cursor can be exploited to spoof user interface. 2...