7 matches found
Zabbix 6.0.x < 6.0.45 / 7.0.x < 7.0.24 / 7.4.x < 7.4.8 XSS (ZBX-27760)
The version of Zabbix Server installed on the remote host is prior to 6.0.45, 7.0.24, 7.4.8. It is, therefore, affected by a stored cross-site scripting XSS vulnerability. The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML displ...
PT-2026-37346
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the lwsupngdecode function when the WSWITHUPNG flag is enabled during compilation and the HTML display stack is used. An attacker can cause a crash or potentially execute arbitrary code by enticing a user to visi...
CVE-2023-2013
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display a...
CVE-2023-2013
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display a...
The vulnerability of the WEB_DisplayPage() function in D-Link’s wireless access points DAP-2020 and DAP-1360 allows a intruder to gain unauthorized access to protected information.
The vulnerability of the WEBDisplayPage function in D-Link’s wireless access points DAP-2020 and DAP-1360 is related to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected...
The vulnerability of the WEB_DisplayPage() function in D-Link’s wireless access points DAP-2020 and DAP-1360 allows a intruder to gain unauthorized access to protected information.
The vulnerability of the WEBDisplayPage function in D-Link’s wireless access points DAP-2020 and DAP-1360 is related to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected...