
347 matches found

Prion
added 2023/04/11 4:16 a.m. · 21 views

Code injection

SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...

5.5 CVSS · 5.4 AI score · 0.00243 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

Cvelist
added 2023/04/11 3:11 a.m. · 17 views

CVE-2023-29189 HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)

SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...

5.4 CVSS · 5.7 AI score · 0.00243 EPSS
Exploits: 0 · References: 2

CVE
added 2023/04/11 3:11 a.m. · 49 views

CVE-2023-29189

CVE-2023-29189 affects SAP CRM (WebClient UI) across multiple versions (S4FND 102–107, WEBCUIF, 700–801). The root cause is an issue in the web server handling where HTTP verbs can be modified by an authenticated attacker, with the application exposed over the network. Consequence: exposure of fo...

5.4 CVSS · 5.3 AI score · 0.00243 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

ALT Linux
added 2023/04/11 12:0 a.m. · 59 views

Security fix for the ALT Linux 10 package yandex-browser-stable version 23.3.1.916-alt1

April 11, 2023 Yandex Browser Team 23.3.1.916-alt1 - Browser updated to 23.3.1 + Critical CVE-2023-0941: Use after free in Prompts. + High CVE-2023-0927: Use after free in Web Payments API. + High CVE-2023-0928: Use after free in SwiftShader. + High CVE-2023-0929: Use after free in Vulkan. + High...

7.8 AI score · 0.00613 EPSS
Exploits: 0

NVD
added 2023/02/14 4:15 a.m. · 15 views

CVE-2023-24525

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application...

5.4 CVSS · 4.6 AI score · 0.00498 EPSS
Exploits: 0 · References: 2

OSV
added 2023/02/14 4:15 a.m. · 2 views

CVE-2023-24525

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application...

5.4 CVSS · 5.8 AI score · 0.00498 EPSS
Exploits: 0 · References: 2

Prion
added 2023/02/14 4:15 a.m. · 18 views

Cross site scripting

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application...

4.9 CVSS · 5.2 AI score · 0.00498 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

CVE
added 2023/02/14 3:18 a.m. · 57 views

CVE-2023-24525

Summary: CVE-2023-24525 affects SAP CRM WebClient UI components (WEBCUIF 748, 800, 801; S4FND 102, 103). The vulnerability stems from insufficient encoding of user-controlled inputs, enabling a Cross-Site Scripting (XSS) flaw. In the documented entries, exploitation requires authentication and is...

5.4 CVSS · 5.2 AI score · 0.00498 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2023/02/14 12:0 a.m. · 2 views

SAP CRM cross-site scripting vulnerability

SAP CRM is a customer relationship management system from SAP, Germany. A cross-site scripting vulnerability exists in SAP CRM WebClient UI WEBCUIF version 748, version 800, version 801, S4FND version 102, version 103, which stems from not adequately coding user input...

5.4 CVSS · 5.3 AI score · 0.00498 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/02/14 12:0 a.m. · 4 views

PT-2023-19673 · Sap · Sap Crm Webclient Ui

Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions WEBCUIF 748, 800, 801, S4FND 102, 103

Description: The issue is related to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. On successful exploitation, an...

5.4 CVSS · 5.1 AI score · 0.00498 EPSS
Exploits: 0 · References: 5

Spring Engineering
added 2022/10/20 12:45 p.m. · 142 views

CVE-2022-31684: Reactor Netty HTTP Server may log request headers

The Reactor Netty 1.0.24 release on October 11 included a fix for CVE-2022-31684 affecting Reactor Netty HTTP Server. Users are encouraged to update as soon as possible. Reactor Netty is used internally in many frameworks including Spring WebFlux and its WebClient. If you have a Spring Boot...

1.2 AI score · 0.00416 EPSS
Exploits: 0

Veracode
added 2022/09/21 7:14 a.m. · 18 views

Cross-site Scripting (XSS)

github.com/drakkan/sftpgo is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape the user inputs into several methods in WebClient component, allowing an attacker to inject and execute malicious JavaScript...

6.1 CVSS · 6.2 AI score · 0.00176 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2022/09/20 10:10 p.m. · 17 views

CVE-2022-39220 XSS Vulnerabilities in WebClient

SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist...

6.1 CVSS · 6.3 AI score · 0.00176 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2022/09/20 10:10 p.m. · 6 views

CVE-2022-39220 XSS Vulnerabilities in WebClient

SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist...

6.1 CVSS · 6.2 AI score · 0.00176 EPSS
Exploits: 0 · References: 1

Github Security Blog
added 2022/09/20 9:22 p.m. · 22 views

SFTPGo WebClient vulnerable to Cross-site Scripting

Impact: Cross-site scripting (XSS) vulnerabilities have been reported to affect SFTPGo WebClient. If exploited, this vulnerability allows remote attackers to inject malicious code.

Patches: Fixed in v2.3.5...

6.1 CVSS · 6.3 AI score · 0.00176 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/09/20 9:22 p.m. · 25 views

GHSA-CF7G-CM7Q-RQ7F SFTPGo WebClient vulnerable to Cross-site Scripting

Impact: Cross-site scripting (XSS) vulnerabilities have been reported to affect SFTPGo WebClient. If exploited, this vulnerability allows remote attackers to inject malicious code.

Patches: Fixed in v2.3.5...

6.1 CVSS · 6.4 AI score · 0.00176 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2022/09/20 12:0 a.m. · 3 views

PT-2022-24820 · Sftpgo · Sftpgo

Name of the Vulnerable Software and Affected Versions: SFTPGo versions prior to 2.3.5

Description: SFTPGo is an SFTP server written in Go. The SFTPGo WebClient is subject to Cross-site scripting (XSS) vulnerabilities, allowing remote attackers to inject malicious code. This issue is patched in...

6.1 CVSS · 6.4 AI score · 0.00176 EPSS
Exploits: 0 · References: 9

ATTACKERKB
added 2022/08/23 6:15 p.m. · 2 views

CVE-2022-35115

IceWarp WebClient DC2 - Update 2 Build 9 13.0.2.9 was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php...

9.8 CVSS · 6 AI score · 0.00732 EPSS
Exploits: 0 · References: 3

NVD
added 2022/08/23 6:15 p.m. · 8 views

CVE-2022-35115

IceWarp WebClient DC2 - Update 2 Build 9 13.0.2.9 was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php...

9.8 CVSS · 0.00732 EPSS
Exploits: 0 · References: 2

OSV
added 2022/08/23 6:15 p.m. · 1 views

CVE-2022-35115

IceWarp WebClient DC2 - Update 2 Build 9 13.0.2.9 was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php...

9.8 CVSS · 5.8 AI score · 0.00732 EPSS
Exploits: 0 · References: 2