CVE-2021-20446
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622...
CVE-2021-1351
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...
CVE-2021-23885
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page...
IBM Jazz Reporting Service Cross-Site Scripting Vulnerability
IBM Jazz Reporting Service helps you quickly and easily integrate data from a variety of data sources across your tools and projects, and provides a set of ready-to-use reports for sharing information about your lifecycle management projects. A cross-site scripting vulnerability exists in IBM Jaz...
CVE-2020-4933
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
IBM Maximo for Civil Infrastructure Cross-Site Scripting Vulnerability
IBM Maximo for Civil Infrastructure integrates inspection, defect tracking and maintenance activities to help organizations improve asset life, keep critical systems up and running and reduce the total cost of ownership of civil infrastructure. A cross-site scripting vulnerability exists in IBM...
The vulnerability of the user interface of Cisco Webex Meetings Server and Cisco Webex Meetings software allows a perpetrator to insert hyperlinks into electronic invitations.
The vulnerability of the software user interfaces for Cisco Webex Meetings Server and Cisco Webex Meetings is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to insert hyperlinks into electronic invitations...
CVE-2021-21511
Dell EMC Avamar Server versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability to gain unauthorized read or modification access to other users' backup data...
Virtuozzo Hybrid Infrastructure 4.5 (4.5.0-284)
In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance the end-user experience and service providers' interoperability. The improvements cover compute services, networking, storage core, monitoring, and the administrative user interface. Additionally,...
CVE-2020-4768
IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
PT-2021-2070 · Microsoft · Skype For Business Server
Name of the Vulnerable Software and Affected Versions: Skype for Business Server, Microsoft Lync Server (affected versions not specified). Description: The issue is related to errors in the user interface's representation of information. It may allow a remote attacker to conduct spoofing attacks...
KLA12068 SUI vulnerabilities in Microsoft Exchange Server
Spoofing vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof the user interface. Original advisories: CVE-2021-24085, CVE-2021-1730. Exploitation: Malware exists for this vulnerability. Usually such malware is classified as Exploit. More...
PT-2021-2079 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified). Description: The issue is related to a spoofing vulnerability in Microsoft Exchange Server, which can be exploited by a remote attacker to conduct spoofing attacks. This vulnerability ...
PT-2021-2076
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified). Description: A spoofing issue exists in Microsoft Exchange Server, related to errors in information representation by the user interface. This could allow a remote attacker to conduct...
KLA12070 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to obtain sensitive information or spoof the user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Dataverse can be exploited...
CVE-2020-14391
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Custom...