64 matches found
Malicious code in sprout-wcm-service (npm)
The package sprout-wcm-service was found to contain malicious code...
MAL-2025-33809 Malicious code in sprout-wcm-service (npm)
The package sprout-wcm-service was found to contain malicious code...
com.adobe.aem:aem-sdk-api (=2020.6.3800.20200626T210738Z-200604), com.adobe.cq:core.wcm.components.testing.aem-mock-plugin (>=2.17.10 <=2.24.6) +113 more potentially affected by CVE-2023-25621 via org.apache.sling:org.apache.sling.i18n (>=2.0.2 <=2.5.6)
org.apache.sling:org.apache.sling.i18n MAVEN version =2.0.2, =2.17.10, =0.0.10, =1.0, =5.5.4, =5.6.2 and more Source cves: CVE-2023-25621 Source advisory: OSV:GHSA-MRPV-5PMR-P92H...
biz.netcentric.cq.tools.aemmjml:aemmjml-components-bundle (=0.1.0), com.adobe.aem.commons:assetshare.core (>=1.9.6 <=3.13.0) +23 more potentially affected by CVE-2022-35697 via com.adobe.cq:core.wcm.components.core (>=1.1.0 <=2.20.6)
com.adobe.cq:core.wcm.components.core MAVEN version =1.1.0, =1.9.6, =2012.12.01, =2012.12.01, =0.0.6, =0.0.4, =0.0.6, =0.0.6, =1.2.0, =0.1.0, =2.5.0, =2.10.0, =2.10.0, =2.10.0, =2.20.6 and more Source cves: CVE-2022-35697 Source advisory: OSV:GHSA-QCGC-6Q86-7X2P...
GHSA-QCGC-6Q86-7X2P AEM WCM Core Components CVG Image vulnerable to Reflected Cross-site Scripting
Core Components version 2.20.6 and earlier suffer from a reflected cross-site scripting (XSS) vulnerability in AdaptiveImageServlet via SVG images. An attacker with author access can upload a specially crafted SVG image including malicious JavaScript and obtain a link that, when loaded by another...
Malicious code in usaa-wcm-utils (npm)
Source: ghsa-malware (ff24011199eca8ad2a782d264c3a05ef67298fafd3731135d21f3b8489b24ebc). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6857 Malicious code in usaa-wcm-utils (npm)
Source: ghsa-malware (ff24011199eca8ad2a782d264c3a05ef67298fafd3731135d21f3b8489b24ebc). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), com.adobe.cq.commerce:cq-commerce-core (>=5.6.0 <=5.13.18) +119 more potentially affected by CVE-2013-5679 via org.owasp.esapi:esapi (=2.0.1)
org.owasp.esapi:esapi MAVEN version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.owasp.esapi:esapi and may be impacted: - cloud.genesys:web-messaging-sdk =3.0.0, =5.6.0, =2.0.54, =5.6.2, =1.0.36, =1.0.24, =5.5.4, =1.0.0, =5.6.4, =1.0.8,...
com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +19 more potentially affected by CVE-2015-2944 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.1.0)
org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.5.0, =5.3.0, =5.3.0, =5.4.0, =1.0.8, =1.0.12, =1.0.6, =5.5.0, =5.6.2, =5.4.0, =5.6.8 and more Source cves: CVE-2015-2944 Source advisory: OSV:GHSA-RXVX-44W5-44R7...
Cross site scripting
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a truste...
CVE-2017-1536
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a truste...
CVE-2017-1536
CVE-2017-1536 : IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session. The provided...
Reflective XSS Cross-Site Scripting Vulnerability in TRS WCM Content Collaboration Platform
The TRS WCM Content Collaboration Platform (TRS WCM) is a content management system. The TRS WCM Content Collaboration Platform suffers from a reflected cross-site scripting (XSS) vulnerability. The UserName fails to effectively filter user-submitted data, allowing an attacker to construct XSS...
XXE Vulnerability in Various TRS Products
WCM, Portal, infogate plug-ins, comment plug-ins, etc., developed by Topsy, are widely used in the portal systems and plug-ins of national government bodies, enterprises and institutions. A variety of TRS products, mainly WCM, Portal, infogate plug-ins and comment plug-ins, have an XXE entity injection...
TRS Infogate Plugin SSRF Vulnerability
TRS Infogate is a general-purpose plug-in developed by TORS for use on the WCM and IDS platforms of national governments, enterprises and institutions. The TRS Infogate plug-in page infogate/customer/system/wcmurltest.jsp has an SSRF vulnerability. The page in the infogate/customer/system directory can...
TRS WCM file read vulnerability (<=2015-12-17)
No description provided by source...
TRS WCM system eg_newuser_dowith.jsp XXE vulnerability
No description provided by source...
TRS WCM arbitrary file upload caused by improper file path handling
No description provided by source...
Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities
Exploit for jsp platform in category web applications. Asbru Web Content Management System v9.2.7 Multiple Vulnerabilities. Vendor: Asbru Ltd. Product web page: http://www.asbrusoft.com. Affected version: 9.2.7. Summary: Ready to use, full-featured, database-driven web content management system CMS...