8133 matches found
The vulnerability of Microsoft Exchange Server is related to the lack of protection for service data, which allows attackers to carry out spoofing attacks.
The vulnerability of Microsoft Exchange Server servers is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a malicious actor to perform spear-phishing attacks remotely...
The vulnerability of the Downloads function in Google Chrome web browsers allows a hacker to circumvent existing security restrictions.
The vulnerability of the Downloads function in the Google Chrome web browser is related to an improper limitation on the displayed layers of the user interface. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
The vulnerability of Microsoft Exchange Server servers, related to the false representation of information by the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Exchange Server is related to the false representation of information by the user interface. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...
The vulnerability of the DevTools set of tools in the Google Chrome web browser allows a hacker to bypass existing security restrictions.
The vulnerability of the DevTools set of tools in the Google Chrome web browser is related to an incorrect limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
CVE-2021-20446
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622...
CVE-2021-1351
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...
CVE-2021-1351 Cisco Webex Meetings Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...
CVE-2021-1351 Cisco Webex Meetings Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...
CVE-2021-23885
Privilege escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page...
Privilege escalation
Privilege escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page...
CVE-2021-23885 Privilege escalation vulnerability in McAfee Web Gateway (MWG) UI
Privilege escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page...
IBM Jazz Reporting Service 跨站脚本漏洞
IBM Jazz Reporting Service helps you quickly and easily integrate data from a variety of data sources across your tools and projects, and provides a set of ready-to-use reports for sharing information about your lifecycle management projects. A cross-site scripting vulnerability exists in IBM Jaz...
CVE-2020-4933
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
IBM Maximo for Civil Infrastructure 跨站脚本漏洞
IBM Maximo for Civil Infrastructure integrates inspection, defect tracking and maintenance activities to help organizations improve asset life, keep critical systems up and running and reduce the total cost of ownership of civil infrastructure. A cross-site scripting vulnerability exists in IBM...
The vulnerability of the user interface of Cisco Webex Meetings Server and Cisco Webex Meetings software allows a perpetrator to insert hyperlinks into electronic invitations.
The vulnerability of the software user interfaces for Cisco Webex Meetings Server and Cisco Webex Meetings is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to insert hyperlinks into electronic invitations...
CVE-2021-21511
Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data...
Virtuozzo Hybrid Infrastructure 4.5 (4.5.0-284)
In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance the end-user experience and service providers' interoperability. The improvements cover compute services, networking, storage core, monitoring, and the administrative user interface. Additionally,...
CVE-2020-4768
IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
PT-2021-2070 · Microsoft · Skype For Business Server
Name of the Vulnerable Software and Affected Versions: Skype for Business Server Microsoft Lync Server affected versions not specified Description: The issue is related to errors in the user interface's representation of information. It may allow a remote attacker to conduct spoofing attacks...
KLA12068 SUI vulnerabilities in Microsoft Exchange Server
A spoofing vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2021-24085 CVE-2021-1730 Exploitation Malware exists for this vulnerability. Usually such malware is classified as Exploit. More...