CVE-2022-27561
CVE-2022-27561 describes a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). The connected sources confirm the affected component is LotusTraveler.nsf within HCL Traveler and identify the vulnerability as reflected XSS. No concrete exploitation detail...
PT-2022-18485 · Hcl · Hcl Traveler
Name of the Vulnerable Software and Affected Versions: HCL Traveler (affected versions not specified). Description: There is a reflected Cross-Site Scripting issue in the HCL Traveler web admin, specifically affecting the LotusTraveler.nsf component. Recommendations: At the moment, there is no...
CVE-2022-2338
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. By default, the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may...
Malicious Package
Overview timebase-web-admin is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious code in timebase-web-admin (npm)
Source: ghsa-malware 2e87a33516df57c86ba7066cdc4d7dfce0e1c02576264b094786f103dba29606 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6574 Malicious code in timebase-web-admin (npm)
Source: ghsa-malware 2e87a33516df57c86ba7066cdc4d7dfce0e1c02576264b094786f103dba29606 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-27656
CVE-2022-27656 affects SAP Web Dispatcher Web Administration UI and the Internet Communication Manager (ICM). It stems from insufficient encoding of user‑controlled inputs, enabling Cross‑Site Scripting (XSS). CVSS v3.1 base score 6.1 (MEDIUM); vectors: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. No exp...
(Pwn2Own) Lexmark MC3224i pagemaker Insufficient Session Expiration Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the remote...
Fedora: Security Advisory for phpMyAdmin (FEDORA-2022-3544c7d20e)
The remote host is missing an update for the...
Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets
Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others, as well as firmware for several other devices manufactured by Aver (potentially all multipoint video conferencing systems), contains multiple advanced features that are not well documented: 1. The web admin server...
Plastic SCM Security Vulnerability
Unity Technologies Plastic SCM is a version control system from Unity Technologies, USA. A security vulnerability previously existed in Plastic SCM 10.0.16.5622, which stemmed from Plastic SCM incorrectly handling the WebAdmin server management interface...
CVE-2021-38756
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php...
CVE-2021-38757
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php...
Cross site scripting
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php...
Cross site scripting
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php...
CVE-2021-38757
CVE-2021-38757 is a reported persistent cross-site scripting (XSS) vulnerability in a Hospital Management System (often referenced as PHPGurukul/Hospital Management System). The public descriptions consistently state that the XSS is targeted at the web admin via the contact.php endpoint. Exploit ...
Anti-Spam WordPress Plugin Could Expose Website User Data
An SQL-injection vulnerability discovered in a WordPress plugin called “Spam protection, AntiSpam, FireWall by CleanTalk” could expose user emails, passwords, credit-card data and other sensitive information to an unauthenticated attacker. Spam protection, AntiSpam, FireWall by CleanTalk is...
CVE-2021-31583
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...