Lucene search
K

4 matches found

OSV
OSV
added 2018/08/21 4:29 p.m.2 views

CVE-2018-15528

Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "selectsso" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?XSS link and then...

6.1CVSS5.8AI score0.01315EPSS
Exploits3References2
CNVD
CNVD
added 2018/08/21 12:0 a.m.4 views

Java System Solutions SSO plugin for BMC MyIT Cross Site Scripting Vulnerability

Java System Solutions SSO plugin for BMC MyIT is a single-sign-on plugin for BMC MyIT from Java System Solutions, UK. A cross-site scripting vulnerability exists in Java System Solutions SSO plugin for BMC MyIT version 4.0.13.1. A remote attacker can exploit this vulnerability to inject client-si...

6.1CVSS6.1AI score0.01315EPSS
Exploits3References1
NVD
NVD
added 2014/05/29 2:19 p.m.15 views

CVE-2014-3417

uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet...

6.5CVSS6.2AI score0.01066EPSS
Exploits0References2
Prion
Prion
added 2014/05/29 2:19 p.m.16 views

Code injection

uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet...

6.5CVSS6.8AI score0.01066EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder