
28 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-3893

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.2 · EPSS 0.0041
Exploits 0 · References 9

CVE
added 2025/08/27 9:25 p.m. · 11 views

CVE-2024-13980

CVE-2024-13980 affects H3C Intelligent Management Center (IMC) /byod/index.xhtml. The root cause is improper handling of JSF ViewState, allowing unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters and potentially achieve arbitrary command execution. Explo...

CVSS 10 · AI score 7.1 · EPSS 0.02906
Exploits 0 · References 6

RedhatCVE
added 2025/05/22 10:49 p.m. · 2 views

CVE-2022-30422

Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter...

CVSS 10 · AI score 7.5 · EPSS 0.06591
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 12:28 p.m. · 5 views

CVE-2010-4514

Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the VIEWSTATE parameter. NOTE: some of these details are obtained from third party information...

CVSS 4.3 · AI score 5.9 · EPSS 0.0278
Exploits 1 · References 1

NVD
added 2024/12/06 9:15 p.m. · 16 views

CVE-2024-7874

Tungsten Automation Kofax TotalAgility in all versions through 7.9.0.25.0.954 is vulnerable to Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx"...

CVSS 5.3 · EPSS 0.00226
Exploits 0 · References 3

CVE
added 2024/12/06 8:55 p.m. · 51 views

CVE-2024-7875

CVE-2024-7875 affects Tungsten Automation (Kofax) TotalAgility up to version 7.9.0.25.0.954. The vulnerability is a Reflected XSS in the ScanFront.aspx endpoints where mfpScreenResolutionWidth is manipulated via POST data. An attacker can inject JavaScript code, leading to information disclosure,...

CVSS 5.3 · AI score 6.2 · EPSS 0.00226
Exploits 0 · References 3

CVE
added 2024/12/06 8:54 p.m. · 59 views

CVE-2024-7874

CVE-2024-7874 affects Tungsten Automation TotalAgility versions up to 7.9.0.25.0.954. The vulnerability is a Reflected Cross‑Site Scripting (XSS) via the mfpConnectionId parameter in forms posted to /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx and /TotalAgility/Kofax/BrowserDevice/ScanFrontDe...

CVSS 5.3 · AI score 6.2 · EPSS 0.00226
Exploits 0 · References 3

Positive Technologies
added 2024/12/06 12:0 a.m. · 2 views

PT-2024-38650 · Kofax · Totalagility

Name of the Vulnerable Software and Affected Versions: Tungsten Automation Kofax TotalAgility versions all through 7.9.0.25.0.954
Description: The issue is a Reflected XSS vulnerability that can be exploited through manipulation of the mfpConnectionId parameter in a form sent to endpoints...

CVSS 5.3 · AI score 6.2 · EPSS 0.00226
Exploits 0 · References 6

VulnCheck KEV
added 2024/07/24 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2023-41642

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

CVSS 6.1 · AI score 5.9 · EPSS 0.17013
Exploits 1 · References 1

OSV
added 2023/10/17 5:15 a.m. · 2 views

CVE-2023-34209

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter...

CVSS 4.3 · AI score 5.8 · EPSS 0.00079
Exploits 0 · References 1

NVD
added 2023/10/17 5:15 a.m. · 7 views

CVE-2023-34209

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter...

CVSS 5 · AI score 4.8 · EPSS 0.00079
Exploits 0 · References 1

Cvelist
added 2023/10/17 4:0 a.m. · 10 views

CVE-2023-34209 Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter...

CVSS 5 · AI score 5.2 · EPSS 0.00079
Exploits 0 · References 1

CNNVD
added 2023/10/17 12:0 a.m. · 1 view

EasyUse MailHunter Ultimate Security Vulnerability

EasyUse MailHunter Ultimate is an accurate email finder tool from EasyUse China. A security vulnerability exists in EasyUse MailHunter Ultimate version 2023 and prior versions, which stems from the exposure of sensitive system information to an unauthorized Control Sphere, allowing an authenticat...

CVSS 5 · AI score 6.5 · EPSS 0.00079
Exploits 0 · References 2

NVD
added 2023/08/31 2:15 p.m. · 7 views

CVE-2023-41642

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

CVSS 6.1 · AI score 6.1 · EPSS 0.17013
Exploits 1 · References 2

Vulnrichment
added 2023/08/31 12:0 a.m. · 12 views

CVE-2023-41642

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

AI score 6.2 · EPSS 0.17013
Exploits 1 · References 2

Cvelist
added 2023/08/31 12:0 a.m. · 13 views

CVE-2023-41642

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

AI score 6.2 · EPSS 0.17013
Exploits 1 · References 2

Positive Technologies
added 2023/08/31 12:0 a.m. · 2 views

PT-2023-28019 · Grupposcai · Grupposcai Realgimm

Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38
Description: Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component allow attackers to execute arbitrary Javascript in the context of a victim user's browser vi...

CVSS 6.1 · AI score 6.2 · EPSS 0.17013
Exploits 1 · References 5

CVE
added 2023/08/31 12:0 a.m. · 166 views

CVE-2023-41642

CVE-2023-41642 affects GruppoSCAI RealGimm 1.1.37p38 and its ErroreNonGestito.aspx component. The issue is multiple reflected XSS vulnerabilities that allow an attacker to inject arbitrary JavaScript into a victim’s browser by crafting a payload in the VIEWSTATE parameter. Root cause is improper ...

CVSS 6.1 · AI score 6 · EPSS 0.17013
In wild · Exploits 1 · References 2 · Affected Software 1

SUSE CVE
added 2023/02/15 5:59 a.m. · 1 view

SUSE CVE-2010-1459

The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...

CVSS 4.3 · AI score 6.2 · EPSS 0.0041
Exploits 0 · References 5

OSV
added 2022/06/17 5:15 p.m. · 1 view

CVE-2022-30422

Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter...

CVSS 9.8 · AI score 7.7 · EPSS 0.06591
Exploits 1 · References 2