16821 matches found
CVE-2025-34521
A reflected cross-site scripting XSS vulnerability exists in the web interface of the Arcserve Unified Data Protection UDP, where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...
CVE-2025-34521
CVE-2025-34521 – Arcserve UDP XSS : A reflected cross-site scripting vulnerability exists in the Arcserve Unified Data Protection web interface, where unsanitized input is reflected in HTTP responses. This can allow remote attackers with low privileges to craft malicious links that, when a user v...
CVE-2025-34521 Arcserve UDP < 10.2 Reflected Cross-Site Scripting (XSS)
A reflected cross-site scripting XSS vulnerability exists in the web interface of the Arcserve Unified Data Protection UDP, where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...
CVE-2025-34521 Arcserve UDP < 10.2 Reflected Cross-Site Scripting (XSS)
A reflected cross-site scripting XSS vulnerability exists in the web interface of the Arcserve Unified Data Protection UDP, where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...
CVE-2025-20296
A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...
CVE-2025-20294 Cisco UCS Manager Software Command Injection Vulnerability
Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. These vulnerabilities are du...
CVE-2025-20294 Cisco UCS Manager Software Command Injection Vulnerability
Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. These vulnerabilities are du...
CVE-2025-20294
CVE-2025-20294 affects Cisco UCS Manager Software, specifically the CLI and web-based management interface. The root cause is insufficient input validation of command arguments, which could allow an authenticated, remote attacker with administrative privileges to perform command injection and esc...
CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability
A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...
CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability
A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...
CVE-2025-20296 Cisco UCS Manager Software Stored Software Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...
CVE-2025-20296
CVE-2025-20296 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco UCS Manager Software. The issue arises from insufficient validation of user-supplied input on the management interface, allowing an authenticated, remote attacker (in the Admi...
CVE-2025-20296 Cisco UCS Manager Software Stored Software Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...
Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability
A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...
Cisco UCS Manager Software Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. For more information about these...
Cisco UCS Manager Software Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...
CVE-2025-50985
diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...
PT-2025-34947 · Arcserve · Arcserve Unified Data Protection
Name of the Vulnerable Software and Affected Versions: Arcserve Unified Data Protection UDP versions prior to 10.2 Arcserve Unified Data Protection UDP versions 8.0 through 10.1 Arcserve Unified Data Protection UDP versions 7.x and earlier Description: A reflected cross-site scripting XSS...
CVE-2025-50985
diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...
PT-2025-34878 · Unknown · Diskover-Web
Name of the Vulnerable Software and Affected Versions: diskover-web version 2.3.0 Description: The software is susceptible to multiple reflected cross-site scripting XSS flaws within its web interface. Unsanitized GET parameters, including maxage, maxindex, index, path, q query, and doctype, are...