279 matches found
Malicious code in @fmcc-web-platform/platform-experience-lib (npm)
The package @fmcc-web-platform/platform-experience-lib was found to contain malicious code...
Malicious code in @amber-team/web-platform-utils (npm)
The package @amber-team/web-platform-utils was found to contain malicious code...
Malicious code in @fmcc-web-platform/react-components (npm)
The package @fmcc-web-platform/react-components was found to contain malicious code...
MAL-2025-7077 Malicious code in @amber-team/web-platform-utils (npm)
The package @amber-team/web-platform-utils was found to contain malicious code...
MAL-2025-7938 Malicious code in @fmcc-web-platform/react-components (npm)
The package @fmcc-web-platform/react-components was found to contain malicious code...
The vulnerability of the NotificationDisplayerClass class in the XWiki platform, a platform for creating collaborative web applications. The XWiki platform allows attackers to perform XSS attacks.
The vulnerability of the NotificationDisplayerClass class in the XWiki platform, a platform for creating collaborative web applications, is related to the absence of warnings about dangerous actions when loading edited objects. Exploiting this vulnerability could allow attackers to perform XSS...
The vulnerability of the Cisco Webex web conferencing platform, which exists due to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the Cisco Webex web conferencing platform exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
CVE-2025-4636
Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user...
CVE-2025-4636 Local Privilege Escalation
Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user...
CVE-2025-4636
CVE-2025-4636 concerns local privilege escalation in the Airpointer web platform. Multiple connected sources describe that excessive privileges granted to the web user allow a user-space compromise to escalate to root if an attacker gains control of that account. Documents consistently indicate t...
PT-2025-23273 · Unknown · Airpointer Web Platform
Name of the Vulnerable Software and Affected Versions: Airpointer web platform affected versions not specified Description: The issue arises from excessive privileges granted to the web user running the Airpointer web platform. This allows a malicious actor who gains control of this user to...
CVE-2025-30466
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy...
CVE-2024-25640
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...
CVE-2024-26466
A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...
CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
CVE-2018-16386
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection and an arbitrary log filename can be achieved via the PATHINFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error...
Oracle Essbase Multiple Vulnerabilities (April 2025 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the April 2025 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Web Platform OpenSSL. The supported version that is affected is 21.7.1.0.0. Easily...
CMU CERT/CC VINCE 2.0.6 - Stored XSS
Exploit Tile: CMU CERT/CC VINCE 2.0.6 - Stored XSS Vendor: Carnegie Mellon University Product web page: https://www.kb.cert.org/vince/ Affected version: -H "Cookie: sessionid=xxxx" \ -d 'content="ZSL%0A%0A&csrfmiddlewaretoken=xxx&paginateby=10&replyto=xxxxx'...
Loggrove 安全漏洞
Loggrove is a web platform service by olajowon individual developer. A security vulnerability exists in Loggrove v1.0, which stems from an SQL injection in the read.py file...
Loggrove 命令注入漏洞
Loggrove is a web platform service by olajowon individual developers. Loggrove suffers from a command injection vulnerability that stems from the path parameter of /read/?page=1&logfile=eee&match= contains an operating system command injection vulnerability...