8109 matches found

OSV
added 2021/02/18 3:15 p.m. | 3 views

CVE-2021-20446

IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622...

5.4 CVSS | 5.4 AI score | 0.00502 EPSS
Exploits: 0 | References: 2

NVD
added 2021/02/17 5:15 p.m. | 11 views

CVE-2021-1351

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...

6.1 CVSS | 0.00784 EPSS
Exploits: 0 | References: 1

Cvelist
added 2021/02/17 4:55 p.m. | 17 views

CVE-2021-1351 Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...

6.1 CVSS | 6.1 AI score | 0.00784 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2021/02/17 4:55 p.m. | 9 views

CVE-2021-1351 Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...

6.1 CVSS | 6.1 AI score | 0.00784 EPSS
Exploits: 0 | References: 1

NVD
added 2021/02/17 10:15 a.m. | 12 views

CVE-2021-23885

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page...

9 CVSS | 0.01089 EPSS
Exploits: 0 | References: 1

Prion
added 2021/02/17 10:15 a.m. | 14 views

Privilege escalation

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page...

9 CVSS | 9.1 AI score | 0.01089 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/17 9:20 a.m. | 15 views

CVE-2021-23885 Privilege escalation vulnerability in McAfee Web Gateway (MWG) UI

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page...

9 CVSS | 9.7 AI score | 0.01089 EPSS
Exploits: 0 | References: 1

CNNVD
added 2021/02/17 12:0 a.m. | 5 views

IBM Jazz Reporting Service cross-site scripting vulnerability

IBM Jazz Reporting Service helps you quickly and easily integrate data from a variety of data sources across your tools and projects, and provides a set of ready-to-use reports for sharing information about your lifecycle management projects. A cross-site scripting vulnerability exists in IBM Jaz...

5.4 CVSS | 6.1 AI score | 0.00502 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2021/02/17 12:0 a.m. | 1 views

CVE-2020-4933

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4 CVSS | 5 AI score | 0.00502 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2021/02/17 12:0 a.m. | 5 views

IBM Maximo for Civil Infrastructure cross-site scripting vulnerability

IBM Maximo for Civil Infrastructure integrates inspection, defect tracking and maintenance activities to help organizations improve asset life, keep critical systems up and running and reduce the total cost of ownership of civil infrastructure. A cross-site scripting vulnerability exists in IBM...

6.1 CVSS | 6.4 AI score | 0.00661 EPSS
Exploits: 0 | References: 4

BDU FSTEC
added 2021/02/16 12:0 a.m. | 5 views

The vulnerability of the user interface of Cisco Webex Meetings Server and Cisco Webex Meetings software allows a perpetrator to insert hyperlinks into electronic invitations.

The vulnerability of the software user interfaces for Cisco Webex Meetings Server and Cisco Webex Meetings is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to insert hyperlinks into electronic invitations...

4.1 CVSS | 5.5 AI score | 0.0103 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/02/15 10:15 p.m. | 3 views

CVE-2021-21511

Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data...

8.1 CVSS | 7.3 AI score | 0.01007 EPSS
Exploits: 0 | References: 1

Virtuozzo
added 2021/02/15 12:0 a.m. | 42 views

Virtuozzo Hybrid Infrastructure 4.5 (4.5.0-284)

In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance the end-user experience and service providers' interoperability. The improvements cover compute services, networking, storage core, monitoring, and the administrative user interface. Additionally,...

0.7 AI score
Exploits: 0

OSV
added 2021/02/11 5:15 p.m. | 4 views

CVE-2020-4768

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

5.4 CVSS | 5.5 AI score | 0.00466 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2021/02/09 12:0 a.m. | 5 views

PT-2021-2070 · Microsoft · Skype For Business Server

Name of the Vulnerable Software and Affected Versions: Skype for Business Server, Microsoft Lync Server (affected versions not specified). Description: The issue is related to errors in the user interface's representation of information. It may allow a remote attacker to conduct spoofing attacks...

7.1 CVSS | 6.2 AI score | 0.0162 EPSS
Exploits: 0 | References: 6

Kaspersky
added 2021/02/09 12:0 a.m. | 51 views

KLA12068 SUI vulnerabilities in Microsoft Exchange Server

Spoofing vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit this vulnerability to spoof user interface. Original advisories: CVE-2021-24085, CVE-2021-1730. Exploitation: Malware exists for this vulnerability. Usually such malware is classified as Exploit. More...

6.5 CVSS | 6.3 AI score | 0.04627 EPSS
Exploits: 7 | References: 8

Positive Technologies
added 2021/02/09 12:0 a.m. | 3 views

PT-2021-2079 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified). Description: The issue is related to a spoofing vulnerability in Microsoft Exchange Server, which can be exploited by a remote attacker to conduct spoofing attacks. This vulnerability ...

6.5 CVSS | 7.4 AI score | 0.04627 EPSS
Exploits: 7 | References: 18

Positive Technologies
added 2021/02/09 12:0 a.m. | 4 views

PT-2021-2076

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified). Description: A spoofing issue exists in Microsoft Exchange Server, related to errors in information representation by the user interface. This could allow a remote attacker to conduct...

6.4 CVSS | 7.4 AI score | 0.01817 EPSS
Exploits: 0 | References: 12

Kaspersky
added 2021/02/09 12:0 a.m. | 25 views

KLA12070 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Dataverse can be exploited...

6.5 CVSS | 6.7 AI score | 0.02806 EPSS
Exploits: 0 | References: 7

NVD
added 2021/02/08 11:15 p.m. | 16 views

CVE-2020-14391

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Custom...

5.5 CVSS | 0.00318 EPSS
Exploits: 0 | References: 1