279 matches found
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...
RHEL 6 : JBoss Enterprise Web Platform 5.1.2 update (Low) (RHSA-2011:1802)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1802 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and ric...
RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0259)
The remote Redhat Enterprise Linux 5 / 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:0259 advisory. - jbossws-cxf, apache-cxf: SOAPAction spoofing on document literal web services CVE-2012-3451 - jbossws-cxf, apache-cxf: Bypass of...
Trimble TM4Web 权限许可和访问控制问题漏洞
Trimble TM4Web is a virtual simulation platform from Trimble designed to help users create and deploy Web-based virtual reality VR and augmented reality AR applications. A privilege permission and access control issue vulnerability exists in Trimble TM4Web version 22.2.0 that stems from improper...
The vulnerability of the virtuoso-opensource web application development platform, related to writing beyond the buffer limit, allows a hacker to trigger a service failure.
The vulnerability of the virtuoso-opensource web application development platform is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger service failures using specially created SQL operators...
CVE-2024-26466
A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...
Cross site scripting
A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...
CVE-2024-26466
A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...
The web-platform-tests Project Security Vulnerabilities
The web-platform-tests Project is web-platform-tests open source a cross-browser test suite for the Web platform stack . The web-platform-tests Project commit 938e843 previous version of a security vulnerability , the vulnerability stems from the existence of DOM-based cross-site scripting XSS...
CVE-2024-26466
A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...
PT-2024-21386 · Unknown · Web-Platform-Tests
Name of the Vulnerable Software and Affected Versions: web-platform-tests/wpt versions before commit 938e843 Description: A DOM based cross-site scripting XSS issue in the component /dom/ranges/Range-test-iframe.html allows attackers to execute arbitrary Javascript via sending a crafted URL...
CVE-2024-26466
The CVE-2024-26466 entry describes a DOM-based XSS in web-platform-tests/wpt within the Range-test-iframe.html component, exposed before commit 938e843. The vulnerability allows an attacker to execute arbitrary Javascript by sending a crafted URL, with the impact aligned to a DOM-XSS type and use...
CVE-2024-25640
CVE-2024-25640 affects iris-web prior to version 2.4.0, where a stored XSS flaw exists at multiple locations. The underlying issue allows an authenticated attacker to inject scripts that execute when a user visits affected pages. Impact is consistent with XSS exposure leading to potential data ac...
CVE-2024-25640 Improper Neutralization of Alternate XSS Syntax in iris-web
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...
CVE-2023-50712
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attack...
Cross site scripting
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attack...
PT-2023-30802 · Unknown · Smartstar Software Cws
Name of the Vulnerable Software and Affected Versions: SmartStar Software CWS affected versions not specified Description: The issue is related to missing authorization in the SmartStar Software CWS web-based integration platform. This allows users to access data or perform actions that they shou...
CVE-2023-44381
CVE-2023-44381 affects October CMS. Affected component: template rendering in the CMS where an authenticated backend user with editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions can craft a request to inject PHP code into a CMS template due to cms.safe_mode being enabled. Th...
CVE-2023-44382
The CVE-2023-44382 entry concerns October CMS: an authenticated backend user granted editor.cms_pages, editor.cms_layouts, or editor.cms_partials can bypass cms.safe_mode by escaping the Twig sandbox, enabling execution of arbitrary PHP. Concrete details from multiple sources confirm the vulnerab...
CVE-2023-44383
October is a Content Management System CMS and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This...