Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation o...
CVE-2021-1457 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation o...
KLA12161 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, or spoof the user interface. Below is a complete list of vulnerabilities: 1. A data validation vulnerability in V8 can be exploited to...
Debian DSA-4906-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2021-21201 Gengming Liu and Jianyu Chen discovered a use-after-free issue. - CVE-2021-21202 David Erceg discovered a use-after-free issue in extensions. - CVE-2021-21203 asnine discovered a use-after-free issue in...
CVE-2021-20448
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624...
CVE-2021-29666
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...
CVE-2021-20549
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167...
UBUNTU-CVE-2021-21216
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page...
UBUNTU-CVE-2021-21215
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page...
XXE
An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer include all 7.x...
CVE-2021-2267
Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution...
CVE-2021-2274
Vulnerability in the Oracle E-Business Tax product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
Design/Logic Flaw
Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
Design/Logic Flaw
Vulnerability in the Oracle Projects product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Projects...
CVE-2021-2258
CVE-2021-2258 affects Oracle E-Business Suite, Oracle Projects UI. Affected versions: 12.1.1–12.1.3 and 12.2.3–12.2.10. Description confirms a low-privilege, network-accessible (HTTP) vulnerability in Oracle Projects that can lead to unauthorized create/delete/modify of critical data or access to...
CVE-2021-2258
Vulnerability in the Oracle Projects product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Projects...
Huawei Data Communication: Disable the security policy of the VTY user interface
Disables the VTY user interface security policy. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
PT-2021-2860 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified). Description: A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information stored on an...