
8183 matches found

OSV
added 2020/10/06 4:15 p.m., 1 view

CVE-2019-4725

IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131...

CVSS 6.1, AI score 6
Exploits 0, References 2
RedHat Linux
added 2020/10/05 1:11 p.m., 89 views

Important: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update

An update for cockpit-ovirt, imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVSS 8.2, AI score 7.5, EPSS 0.05447
Exploits 1, References 11
Tenable Nessus
added 2020/10/02 12:00 a.m., 56 views

Cisco IOS XE Software Privilege Escalation Multiple Vulnerabilities (cisco-sa-ios-webui-priv-esc-K8zvEWM)

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges on an affected device. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

CVSS 8.8, AI score 7.9, EPSS 0.01804
Exploits 0, References 6
RedHat Linux
added 2020/09/30 6:42 a.m., 5 views

Mozilla: Custom cursor can overlay user interface

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

CVSS 6.5, AI score 7.3, EPSS 0.01237
Exploits 0, References 5
OSV
added 2020/09/24 6:15 p.m., 4 views

CVE-2020-3400

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized. The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this...

CVSS 8.8, AI score 7.3, EPSS 0.00981
Exploits 0, References 1
OSV
added 2020/09/23 1:15 a.m., 2 views

CVE-2019-15993

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could...

CVSS 5.3, AI score 6.7, EPSS 0.1027
Exploits 3, References 2
Prion
added 2020/09/23 1:15 a.m., 18 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of...

CVSS 4.3, AI score 6.1, EPSS 0.00801
Exploits 0, References 1, Affected Software 1
Cvelist
added 2020/09/23 12:27 a.m., 26 views

CVE-2019-15969 Cisco Web Security Appliance Management Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of...

CVSS 6.1, AI score 6.1, EPSS 0.00801
Exploits 0, References 1
OSV
added 2020/09/22 2:15 p.m., 2 views

CVE-2020-4615

IBM Data Risk Manager iDNA 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928...

CVSS 5.4, AI score 5.4, EPSS 0.00673
Exploits 0, References 2
Kaspersky
added 2020/09/22 12:00 a.m., 36 views

KLA11964 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. Use after free vulnerability...

CVSS 8.8, AI score 9.5, EPSS 0.01961
Exploits 0, References 3
Kaspersky
added 2020/09/22 12:00 a.m., 34 views

KLA11966 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, spoof user interface, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. XSS vulnerability can be...

CVSS 8.8, AI score 9.4, EPSS 0.01961
Exploits 0, References 3
CNVD
added 2020/09/22 12:00 a.m., 4 views

IBM Aspera Shares Cross-Site Scripting Vulnerability

IBM Aspera Shares is a Web application that enables companies to share content in the form of files and directories of any size within the organization or with external customers and partners. A cross-site scripting vulnerability exists in IBM Aspera Shares 1.9.14 PL1. An attacker can exploit the...

CVSS 6.1, AI score 6.2, EPSS 0.0073
Exploits 0, References 1
BDU FSTEC
added 2020/09/17 12:00 a.m., 4 views

The vulnerability of the SWSE Server component of the Siebel UI Framework allows a perpetrator to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the SWSE Server component of the Siebel UI Framework is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected information using the HTTP...

CVSS 6.1, AI score 6.8, EPSS 0.0112
Exploits 0, References 2, Affected Software 1
Prion
added 2020/09/16 12:15 a.m., 16 views

Privilege escalation

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface...

CVSS 2.7, AI score 5.6, EPSS 0.00432
Exploits 0, References 1, Affected Software 1
CNVD
added 2020/09/16 12:00 a.m., 4 views

McAfee Web Gateway Elevation of Privilege Vulnerability (CNVD-2020-52201)

McAfee Web Gateway is a high-performance secure Web gateway with best-in-class threat protection in a unified appliance software architecture. An elevation of privilege vulnerability exists in McAfee Web Gateway versions prior to 9.2.1. The vulnerability stems from improper user interface access...

CVSS 5.7, AI score 7, EPSS 0.00432
Exploits 0, References 1
NVD
added 2020/09/15 11:15 p.m., 21 views

CVE-2020-7296

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface...

CVSS 5.7, EPSS 0.00432
Exploits 0, References 1
Prion
added 2020/09/15 11:15 p.m., 22 views

Privilege escalation

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface...

CVSS 2.7, AI score 5.6, EPSS 0.00432
Exploits 0, References 1, Affected Software 1
OSV
added 2020/09/15 2:15 p.m., 1 view

CVE-2020-4530

IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVSS 5.4, AI score 5.7, EPSS 0.00561
Exploits 0, References 2
OSV
added 2020/09/14 8:15 p.m., 17 views

CVE-2020-13311

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface...

CVSS 4.3, AI score 6.3, EPSS 0.01498
Exploits 0, References 3
OSV
added 2020/09/14 8:15 p.m., 3 views

CVE-2019-14757

An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...

CVSS 6.1, AI score 6.4
Exploits 0, References 2