8026 matches found
CVE-2021-1531
A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server. This vulnerability is due to insufficient...
IBM Security Guardium Cross-Site Scripting Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A cross-site scripting vulnerability exists in IBM Security Guardium...
Cisco Finesse Open Redirect Vulnerability
Cisco Finesse is a next-generation seat and supervisor desktop designed to provide a collaborative experience for the diverse communities that interact with your customer service organization. An open redirection vulnerability exists in the Web management interface of Cisco Finesse 12.61 and...
CVE-2021-20528
IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198761...
CVE-2021-20374
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...
UBUNTU-CVE-2021-29622
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...
Couchbase Server Security Vulnerability
Couchbase Server is a distributed open source NoSQL non-relational database from the U.S. company Couchbase, which mainly supports data query, full-text search, active global replication and other functions. A security vulnerability exists in the Couchbase Server UI that stems from insecure...
The vulnerability of the User Interface sub-component of the Oracle Projects component in the Oracle E-Business Suite, which allows a malicious individual to gain unauthorized access to the device.
The vulnerability of the User Interface component of the Oracle Projects component in the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP requests...
new module: swig:4.0
The simplified wrapper and interface generator SWIG is a software development utility to connect C, C++, and Objective C programs with a variety of high-level programming languages. SWIG is used to create high-level interpreted programming environments, systems integration, and as a utility for...
IBM Sterling Control Center Cross-Site Scripting Vulnerability
IBM Sterling Control Center is an application system from IBM in the United States, a centralized monitoring and management system. A cross-site scripting vulnerability exists in IBM Sterling Control Center that allows a user to embed arbitrary JavaScript code in the Web UI to change the intended...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability
IBM Maximo Asset Management is a comprehensive solution for asset-intensive industries to manage corporate physical assets through a common platform. A cross-site scripting vulnerability exists in IBM Maximo Asset Management versions 7.6.0, 7.6.1. The vulnerability can be exploited by a user to...
CVE-2021-20392
IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open source application from GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from a UI misdescription...
Sifchain: Clickjacking /framing on sensitive Subdomain
Vulnerability Name: Clickjacking/framing. Vulnerability Description: Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking on some other content in a decoy website. Vulnerable Url:...
CVE-2020-4535
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906...
KLA12167 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code...
KLA12168 XSS vulnerability in Microsoft Dynamics
A cross-site scripting (XSS) vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to spoof user interface. Original advisories: CVE-2021-28461. Related products: Microsoft-Dynamics-365. CVE list: CVE-2021-28461 (high). KB list. Solution: Install necessary updates from...
PT-2021-3141 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to errors in the user interface's representation of information, which can be exploited by a remote attacker to conduct spoofing attacks. This can...
PT-2021-3139 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to errors in...
PT-2021-3054 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to errors in the user interface's information representation in Microsoft SharePoint Enterprise Server. It allows a remote attacker to perform a...