4 matches found
CVE-2018-15528
Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "selectsso" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?XSS link and then...
Java System Solutions SSO plugin for BMC MyIT Cross Site Scripting Vulnerability
Java System Solutions SSO plugin for BMC MyIT is a single-sign-on plugin for BMC MyIT from Java System Solutions, UK. A cross-site scripting vulnerability exists in Java System Solutions SSO plugin for BMC MyIT version 4.0.13.1. A remote attacker can exploit this vulnerability to inject client-si...
CVE-2014-3417
uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet...
Code injection
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet...