
8183 matches found

NVD
added 2020/08/17 6:15 p.m., 19 views

CVE-2020-3501

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...

CVSS 4.1, AI score 4.5, EPSS 0.01019
Exploits: 0, References: 1

OSV
added 2020/08/17 6:15 p.m., 1 view

CVE-2020-3346

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The...

CVSS 6.1, AI score 6.6, EPSS 0.00833
Exploits: 0, References: 1

NVD
added 2020/08/17 6:15 p.m., 19 views

CVE-2020-3346

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The...

CVSS 6.1, AI score 6, EPSS 0.00833
Exploits: 0, References: 1

Prion
added 2020/08/17 6:15 p.m., 17 views

Input validation

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...

CVSS 3.5, AI score 4.6, EPSS 0.01019
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2020/08/17 6:00 p.m., 21 views

CVE-2020-3463 Cisco Webex Meetings Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient...

CVSS 6.1, AI score 6, EPSS 0.0083
Exploits: 0, References: 1

Vulnrichment
added 2020/08/17 6:00 p.m., 10 views

CVE-2020-3501 Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...

CVSS 4.1, AI score 6.7, EPSS 0.01019
Exploits: 0, References: 1

Vulnrichment
added 2020/08/17 6:00 p.m., 13 views

CVE-2020-3502 Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...

CVSS 4.1, AI score 6.7, EPSS 0.01019
Exploits: 0, References: 1

BDU FSTEC
added 2020/08/14 12:00 a.m., 3 views

The vulnerability of the UI & Visualization component of the Oracle Hyperion BI+ service, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the UI & visualization component of the Oracle Hyperion BI+ event service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

CVSS 4.9, AI score 6.4, EPSS 0.01018
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2020/08/12 12:00 a.m., 3 views

The vulnerability of the User Interface component of the Oracle SD-WAN Edge application allows a hacker to gain full control over the application.

The vulnerability of the User Interface component of the Oracle SD-WAN Edge application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the application using the HTTP protocol...

CVSS 10, AI score 7.8, EPSS 0.02516
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2020/08/12 12:00 a.m., 3 views

The vulnerability of Google Chrome’s user interface allows a perpetrator to compromise data integrity.

The vulnerability of Google Chrome’s user interface is related to the lack of standard permission mechanisms. Exploiting this vulnerability can allow a perpetrator to compromise data integrity...

CVSS 5.3, AI score 7.1, EPSS 0.01224
Exploits: 1, References: 13, Affected Software: 5

BDU FSTEC
added 2020/08/12 12:00 a.m., 4 views

The vulnerability of the Advanced User Interface component of the Oracle WebCenter Sites application allows a malicious actor to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Advanced User Interface component of the Oracle WebCenter Sites application for online user services is related to the lack of protective measures for the website structure. Exploiting this vulnerability may allow an attacker, operating remotely, to modify, add, or delete...

CVSS 6.1, AI score 6.8, EPSS 0.01083
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2020/08/12 12:00 a.m., 4 views

The vulnerability of Google Chrome’s user interface allows a perpetrator to compromise data integrity.

The vulnerability of Google Chrome’s user interface is related to the lack of a mechanism for checking entered data. Exploiting this vulnerability allows an attacker to affect the integrity of data through a specially created domain name...

CVSS 5.3, AI score 7.1, EPSS 0.01464
Exploits: 0, References: 12, Affected Software: 5

0day.today
added 2020/08/11 12:00 a.m., 217 views

Travel Management System 1.0 Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Travel Management System v1.0 - Unauthenticated Remote Code Execution Exploit Author: Adeeb Shah @hyd3sec & Bobby Cooke boku Vulnerability Discovery: Adeeb Shah @hyd3sec Date: August 10, 2020 Vendor Homepage:...

AI score 7.4
Exploits: 0

CNVD
added 2020/08/11 12:00 a.m., 2 views

Google Chrome Security Bypass Vulnerability (CNVD-2020-49878)

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in the installer in versions prior to Google Chrome 84.0.4147.125 that stems from a failure to properly secure the user interface. An attacker can exploit the vulnerability to bypass security...

CVSS 7.8, AI score 8.9, EPSS 0.00203
Exploits: 0, References: 1

Kaspersky
added 2020/08/11 12:00 a.m., 24 views

KLA11933 XSS vulnerability in Microsoft Dynamics

A cross-site scripting vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to spoof the user interface. Original advisories CVE-2020-1591 Related products Microsoft-Dynamics-365 CVE list CVE-2020-1591 high KB list 4541722 Solution Install necessary updates fro...

CVSS 5.4, AI score 6, EPSS 0.01507
Exploits: 0, References: 4

OSV
added 2020/08/10 6:15 p.m., 3 views

CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

CVSS 6.5, AI score 7.1, EPSS 0.01237
Exploits: 0, References: 6

Cvelist
added 2020/08/10 5:43 p.m., 16 views

CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

AI score 6.5, EPSS 0.01237
Exploits: 0, References: 6

AlpineLinux
added 2020/08/10 5:43 p.m., 57 views

CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

CVSS 6.5, AI score 6.7, EPSS 0.01237
Exploits: 0

Debian CVE
added 2020/08/10 5:43 p.m., 23 views

CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

CVSS 6.5, AI score 8.1, EPSS 0.01237
Exploits: 0

OSV
added 2020/08/10 1:15 p.m., 4 views

CVE-2020-4539

IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.1, AI score 5.4, EPSS 0.0073
Exploits: 0, References: 2