8183 matches found
CVE-2019-4725
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131...
Important: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update
An update for cockpit-ovirt, imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
Cisco IOS XE Software Privilege Escalation Multiple Vulnerabilities (cisco-sa-ios-webui-priv-esc-K8zvEWM)
A vulnerability in the web-based user interface web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges on an affected device. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
Mozilla: Custom cursor can overlay user interface
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
CVE-2020-3400
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this...
CVE-2019-15993
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of...
CVE-2019-15969 Cisco Web Security Appliance Management Interface Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of...
CVE-2020-4615
IBM Data Risk Manager iDNA 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928...
KLA11964 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. Use after free vulnerability...
KLA11966 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, spoof user interface, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. XSS vulnerability can be...
IBM Aspera Shares Cross-Site Scripting Vulnerability
IBM Aspera Shares is a Web application that enables companies to share content in the form of files and directories of any size within the organization or with external customers and partners. A cross-site scripting vulnerability exists in IBM Aspera Shares 1.9.14 PL1. An attacker can exploit the...
The vulnerability of the SWSE Server component of the Siebel UI Framework allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the SWSE Server component of the Siebel UI Framework is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected information using the HTTP...
Privilege escalation
Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface...
McAfee Web Gateway Elevation of Privilege Vulnerability (CNVD-2020-52201)
McAfee Web Gateway is a high-performance secure Web gateway with best-in-class threat protection in a unified appliance software architecture. An elevation of privilege vulnerability exists in McAfee Web Gateway versions prior to 9.2.1. The vulnerability stems from improper user interface access...
CVE-2020-7296
Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface...
Privilege escalation
Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface...
CVE-2020-4530
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2020-13311
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface...
CVE-2019-14757
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...