42 matches found
dify Cross-Site Scripting Vulnerability
dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.13.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient validation of inputs when echarts was used in the web application chat front-end,...
CVE-2026-1363
IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...
CVE-2026-1363 JNC|IAQS and I6 - Client-Side Enforcement of Server-Side Security
IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...
CVE-2026-1363
CVE-2026-1363 affects IAQS and I6 by JNC. The issue is described as a Client-Side Enforcement of Server-Side Security vulnerability that lets unauthenticated remote attackers manipulate the web front-end to gain administrator privileges. CVSS metrics indicate high impact to confidentiality, integ...
CVE-2026-1363 JNC|IAQS and I6 - Client-Side Enforcement of Server-Side Security
IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...
CVE-2026-1363
IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end...
SAP NetWeaver Enterprise Portal Security Vulnerability
SAP NetWeaver Enterprise Portal is a web front-end component of SAP NetWeaver from SAP, Germany. A security vulnerability exists in SAP NetWeaver Enterprise Portal that stems from a cross-site scripting attack that can lead to the disclosure of sensitive information such as session cookies and...
QGIS QWC2 Registration GUI Security Vulnerability
The QGIS QWC2 Registration GUI is an optional application of the Web Front End Client Framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 Registration GUI v2025.03.31 and earlier versions, which originates from an authorized attacker who can plant arbitrary JavaScri...
Number withdrawn
Monitorr is an open-source web front-end. It is used to display the status of any web application or service in real time. This CVE number has been withdrawn...
Adiscon LogAnalyzer SQL Injection Vulnerability
Adiscon LogAnalyzer is a set of web front-end tools for system logs and other network event data. The tool provides log browsing, search and basic analysis, and graphical display. A security vulnerability exists in Adiscon LogAnalyzer v4.1.13 and earlier versions that stems from vulnerability to...
Monitorr Code Issue Vulnerability
Monitorr is an open-source web front-end. It is used to display the status of any web application or service in real time. A security vulnerability exists in Monitorr version v.1.7.6. A remote attacker could exploit this vulnerability to execute arbitrary code via specially crafted files...
SEPPmail Cross-Site Scripting Vulnerability
SEPPmail is an email encryption and signature solution from the Swiss company SEPPmail. SEPPmail suffers from a cross-site scripting vulnerability that originates from a web front-end user input that is not properly embedded in a web page. An attacker could exploit this vulnerability to conduct a...
SAP NetWeaver and SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability
SAP NetWeaver Enterprise Portal is a product of SAP, Germany. SAP NetWeaver Enterprise Portal is a Web front-end component for SAP NetWeaver. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50, which stems from a...
LDAP Account Manager Parameter Injection Vulnerability
LDAP Account Manager is a web front-end for managing entries (e.g., users, groups, DHCP settings) stored in the LDAP directory. LDAP Account Manager (LAM) versions prior to 8.0 are vulnerable to parameter injection, which stems from the fact that LAM instantiates objects from arbitrary classes and ca...
LDAP Account Manager Injection Vulnerability
LDAP Account Manager is a web front-end for managing entries (e.g., users, groups, DHCP settings) stored in LDAP directories. Versions prior to LDAP Account Manager 8.0 contain an injection vulnerability that could be exploited by an attacker to write a web-shell to the /lam/tmp/ directory and gain...
LDAP Account Manager Cross-Site Scripting Vulnerability (CNVD-2022-53547)
LDAP Account Manager is a web front-end for managing entries (e.g., users, groups, DHCP settings) stored in the LDAP directory. A cross-site scripting vulnerability exists in LDAP Account Manager (LAM) versions prior to 8.0, which stems from the fact that if the PHP OpenSSL extension is not installed o...
LDAP Account Manager Code Issue Vulnerability
LDAP Account Manager is a web front-end for managing entries (e.g., users, groups, DHCP settings) stored in LDAP directories. A file upload vulnerability exists in LDAP Account Manager (LAM) versions prior to 8.0, which stems from a faulty regular expression that allows PHP scripts to be uploaded to th...
LDAP Account Manager Cross-Site Scripting Vulnerability
LDAP Account Manager is a Web front-end for managing entries (e.g., users, groups, DHCP settings) stored in the LDAP directory. A cross-site scripting vulnerability exists in LDAP Account Manager (LAM), which stems from the fact that the Profile Editor tool has the ability to edit profiles and the...
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
Beginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation of web shells for persistent access, remote code execution, and reconnaissance for endpoint securit...
Cross site scripting
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS in the web front end by leveraging the ability to create a custom field with a crafted field name...