8183 matches found
CVE-2020-3501
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...
CVE-2020-3346
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The...
Input validation
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...
CVE-2020-3463 Cisco Webex Meetings Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient...
CVE-2020-3501 Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...
CVE-2020-3502 Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...
The vulnerability of the UI & Visualization component of the Oracle Hyperion BI+ service, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the UI & visualization component of the Oracle Hyperion BI+ event service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...
The vulnerability of the User Interface component of the Oracle SD-WAN Edge application allows a hacker to gain full control over the application.
The vulnerability of the User Interface component of the Oracle SD-WAN Edge application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the application using the HTTP protocol...
The vulnerability of Google Chrome’s user interface allows a perpetrator to compromise data integrity.
The vulnerability of Google Chrome’s user interface is related to the lack of standard permission mechanisms. Exploiting this vulnerability can allow a perpetrator to compromise data integrity...
The vulnerability of the Advanced User Interface component of the Oracle WebCenter Sites application allows a malicious actor to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Advanced User Interface component of the Oracle WebCenter Sites application for online user services is related to the lack of protective measures for the website structure. Exploiting this vulnerability may allow an attacker, operating remotely, to modify, add, or delete...
The vulnerability of Google Chrome’s user interface allows a perpetrator to compromise data integrity.
The vulnerability of Google Chrome’s user interface is related to the lack of a mechanism for checking entered data. Exploiting this vulnerability allows an attacker to affect the integrity of data through a specially created domain name...
Travel Management System 1.0 Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Travel Management System v1.0 - Unauthenticated Remote Code Execution Exploit Author: Adeeb Shah @hyd3sec & Bobby Cooke boku Vulnerability Discovery: Adeeb Shah @hyd3sec Date: August 10, 2020 Vendor Homepage:...
Google Chrome Security Bypass Vulnerability (CNVD-2020-49878)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in the installer in versions prior to Google Chrome 84.0.4147.125 that stems from a failure to properly secure the user interface. An attacker can exploit the vulnerability to bypass security...
KLA11933 XSS vulnerability in Microsoft Dynamics
A cross-site scripting vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to spoof the user interface. Original advisories CVE-2020-1591 Related products Microsoft-Dynamics-365 CVE list CVE-2020-1591 high KB list 4541722 Solution Install necessary updates fro...
CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
CVE-2020-4539
IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...