PT-2021-3090 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, allowing a remote attacker to conduct spoofing attacks. It affects the system,...

KLA12165 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. An implementation vulnerability in Offlin...

IBM Control Desk 跨站脚本漏洞

IBM Control Desk is an application from IBM USA. Automated service management and seamlessly integrated, best-practice based service desk functionality. IBM Smart Cloud Control Desk suffers from a cross-site scripting vulnerability that originates from allowing a user to embed arbitrary JavaScrip...

CVE-2021-1490

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to improper...

CVE-2021-1490 Cisco Web Security Appliance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to improper...

KLA12184 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. A data validation vulnerability in V8 can be exploited to bypass security...

CVE-2020-4929

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191706...

CVE-2021-20397

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196017...

The vulnerability of the User Interface sub-component of the Oracle E-Business Tax component in the Oracle E-Business Suite system, which allows a perpetrator to gain unauthorized access to the device and disclose protected information.

The vulnerability of the User Interface component of the Oracle E-Business Tax system, a business automation solution from Oracle E-Business Suite, is related to code errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device and...

Debian: Security Advisory (DSA-4911-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GravCMS Remote Command Execution

This module exploits arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify...

IBM QRadar SIEM 跨站脚本漏洞

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...

CVE-2020-4929

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191706...

Debian DSA-4911-1 : chromium - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2021-21227 Gengming Liu discovered a data validation issue in the v8 JavaScript library. - CVE-2021-21228 Rob Wu discovered a policy enforcement error. - CVE-2021-21229 Mohit Raj discovered a user interface error in t...

GravCMS 1.10.7 Remote Command Execution Exploit

This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and...

IBM FlashSystem 900 跨站脚本漏洞

IBM FlashSystem 900 is a software application from IBM, USA. Provides a subtle delay. A cross-site scripting vulnerability exists in IBM FlashSystem 900 versions 1.5.2.9 and 1.6.1.3 that allows an attacker to alter the intended functionality by embedding arbitrary JavaScript code in the Web UI,...

CVE-2021-1457

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...

CVE-2021-1456

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...

CVE-2021-1458

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...