CVE-2022-20916 Cisco IoT Control Center Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly...
Multiple Apple Products Security Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. An input validation error vulnerability exists in Apple iOS before 15.6 and iPadOS before 15.6, which stems fr...
CVE-2022-21575
Vulnerability in the Oracle WebCenter Sites Support Tools product of Oracle Fusion Middleware component: User Interface. The supported version that is affected is Prior to 4.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...
CVE-2022-21518
Vulnerability in the Oracle Health Sciences Data Management Workbench product of Oracle Health Sciences Applications component: User Interface. Supported versions that are affected are 2.4.8.7 and 2.5.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTT...
Design/Logic Flaw
Vulnerability in the Oracle WebCenter Sites Support Tools product of Oracle Fusion Middleware component: User Interface. The supported version that is affected is Prior to 4.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...
CVE-2022-22417
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
IBM Sterling Partner Engagement Manager Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in IBM Sterling Partner Engagement Manager, an automation management tool from IBM. IBM Sterling Partner Engagement Manager stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to...
CVE-2022-33925
Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability in the UI. A remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information...
[SECURITY] Fedora 35 Update: podman-tui-0.2.1-2.fc35
podman-tui is a terminal user interface for Podman v3 = 3.1. It is using podman.socket service to communicate with podman machine...
CVE-2022-30242
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller...
CVE-2022-30245
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the...
(Pwn2Own) Inductive Automation Ignition ZIP File Insufficient UI Warning Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
USN-5512-1 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass CSP restrictions, or execute...
Multiple Xiaomi Phones Buffer Error Vulnerability
The Xiaomi Redmi K40 and the Xiaomi Redmi Note10 Pro are both smartphones from Chinese company Xiaomi. The Xiaomi phones have a security vulnerability that stems from a heap overflow that can be exploited by an attacker to cause a remote denial of service. The following versions are affected: Red...
CVE-2022-34358
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516...
CVE-2022-22477
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
The vulnerability of Schneider Electric Conext ComBox’s communication and monitoring software lies in improper restrictions on the layers or frames of the user interface that are displayed. This allows attackers to compromise the integrity of data.
The vulnerability of the microprogramming software of Schneider Electric Conext ComBox relates to incorrect restrictions on the visible layers or frames of the user interface. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...
CVE-2022-33689
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call...