16 matches found

Nuclei
added 7 hours ago, 9 views

LumisXP - Cross-site Scripting

A cross-site scripting XSS vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter. id: CVE-2024-33326 info: name: LumisXP - Cross-site Scripting author: 0xr2r severity: medium...

6.1 CVSS, 5.6 AI score, 0.06046 EPSS
Exploits 1, References 3

CNNVD
added 2025/12/25 12:0 a.m., 1 view

Pexip Infinity Security Vulnerability

Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from the Norwegian company Pexip. The product provides high quality and secure cloud conferencing capabilities. A security vulnerability exists in Pexip Infinity versions 15.0...

9.1 CVSS, 6.2 AI score, 0.00196 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/05/23 9:24 a.m., 4 views

CVE-2024-33326

A cross-site scripting XSS vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...

6.1 CVSS, 5.8 AI score, 0.06046 EPSS
Exploits 1, References 1

CNNVD
added 2024/06/26 12:0 a.m., 1 view

LumisXP Security Vulnerability

LumisXP is a cloud-based digital experience software from Lumis Inc. It helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in LumisXP versions v15.0.x through v16.1.x. An attacker exploited the vulnerability to bypas...

7.5 CVSS, 7 AI score, 0.00078 EPSS
Exploits 1, References 2

Positive Technologies
added 2024/06/26 12:0 a.m., 2 views

PT-2024-25202 · Lumisxp · Lumisxp

Name of the Vulnerable Software and Affected Versions: Lumisxp versions 15.0.x through 16.1.x Description: A cross-site scripting XSS issue in the XsltResultControllerHtml.jsp component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID...

6.1 CVSS, 6.3 AI score, 0.06046 EPSS
Exploits 1, References 7

CNNVD
added 2023/06/07 12:0 a.m., 2 views

Marval MSM Security Vulnerability

Marval MSM is an innovative IT service management software from Marval UK. A security vulnerability exists in Marval MSM that stems from the presence of a system account with default credentials that allows an attacker to log in and create a valid session. Affected products and versions: Marval M...

9.8 CVSS, 8.4 AI score, 0.0012 EPSS
Exploits 1, References 3

Positive Technologies
added 2023/04/25 12:0 a.m., 1 view

PT-2023-12044 · Odoo · Odoo Community +1

Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: The issue is related to improper access control in the reporting engine of the l10n fr fec module. This allows remote authenticated users to extra...

8.7 CVSS, 6 AI score, 0.31815 EPSS
Exploits 0, References 27

Positive Technologies
added 2023/04/25 12:0 a.m., 1 view

PT-2023-12548 · Odoo · Odoo Community +1

Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: A sandboxing issue allows authenticated administrators to read local files on the server, including sensitive configuration files. Recommendations...

8.7 CVSS, 6 AI score, 0.31815 EPSS
Exploits 0, References 28

OSV
added 2023/04/05 12:0 a.m., 15 views

CVE-2023-1710

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue...

5.3 CVSS, 8.8 AI score, 0.02694 EPSS
Exploits 0, References 5

Positive Technologies
added 2023/03/24 12:0 a.m., 1 view

PT-2023-21727 · Unknown · Angular-Server-Side-Configuration

Name of the Vulnerable Software and Affected Versions: angular-server-side-configuration versions 15.0.0 through 15.0.x Description: The issue concerns the detection of environment variables in TypeScript files during the build time of an Angular CLI project. These variables are written to a...

9.9 CVSS, 7.9 AI score, 0.00366 EPSS
Exploits 0, References 8

Positive Technologies
added 2022/07/01 12:0 a.m., 2 views

PT-2022-14235 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 10.7 through 14.10.5 GitLab EE versions 15.0 through 15.0.4 GitLab EE versions 15.1 through 15.1.1 Description: The issue concerns incorrect authorization in GitLab EE, allowing an attacker with a valid Deploy Key or Deploy...

6.5 CVSS, 4.5 AI score, 0.00131 EPSS
Exploits 0, References 11

Positive Technologies
added 2022/07/01 12:0 a.m., 3 views

PT-2022-15342 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.4 through 14.10.4 GitLab CE/EE versions 15.0 through 15.0.3 GitLab CE/EE versions 15.1 through 15.1.0 Description: A Stored Cross-Site Scripting issue in the project settings page allows an attacker to execute arbitra...

8.1 CVSS, 5.7 AI score, 0.01759 EPSS
Exploits 0, References 11

Cvelist
added 2022/06/06 4:52 p.m., 18 views

CVE-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues...

7.7 CVSS, 6 AI score, 0.00175 EPSS
Exploits 0, References 3

CNNVD
added 2022/05/16 12:0 a.m., 1 view

Apple tvOS Buffer Error Vulnerability

Apple tvOS is a set of smart TV operating systems from Apple USA. A buffer error vulnerability exists in Apple tvOS versions 15.0 19J346 through 15.4.1 19L452, which stems from a boundary error in IOSurfaceAccelerator. A native application can exploit the vulnerability to execute arbitrary code...

9.3 CVSS, 8 AI score, 0.00257 EPSS
Exploits 0, References 9

CNNVD
added 2022/05/16 12:0 a.m., 1 view

Apple tvOS Resource Management Error Vulnerability

Apple tvOS is a smart TV operating system from Apple, Inc. A resource management error vulnerability exists in Apple tvOS versions 15.0 19J346 - 15.4.1 19L452, which originates from a use-after-release error when processing HTML content in WebKit. A remote attacker could exploit this vulnerabilit...

8.8 CVSS, 7.9 AI score, 0.00297 EPSS
Exploits 0, References 29

Prion
added 2020/08/26 3:15 p.m., 17 views

Directory traversal

In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory...

4 CVSS, 6.7 AI score, 0.001 EPSS
Exploits 0, References 1, Affected Software 13