ArchivistaBox webclient Cross-Site Scripting Vulnerability
ArchivistaBox webclient is a personal file management system from the Swiss company Archivista. A cross-site scripting vulnerability exists in versions of ArchivistaBox webclient prior to 2022/I, which stems from the program's lack of validation and filtering of user-supplied data and output. An...
Siemens Polarion ALM Cross-Site Scripting Vulnerability
Polarion WebClient for SVN is an SVN client. A cross-site scripting vulnerability exists in Siemens Polarion ALM, which can be exploited by an attacker to execute arbitrary code and extract sensitive information by sending a crafted link to a user with administrator privileges...
CVE-2021-44478
A vulnerability has been identified in Polarion ALM (all versions prior to V21 R2 P2) and Polarion WebClient for SVN (all versions). A cross-site scripting vulnerability is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to...
Cross site scripting
A vulnerability has been identified in Polarion ALM (all versions prior to V21 R2 P2) and Polarion WebClient for SVN (all versions). A cross-site scripting vulnerability is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to...
CVE-2021-44478
CVE-2021-44478 affects Siemens Polarion ALM and its SVN WebClient: Cross-Site Scripting due to improper neutralization of data sent to web pages in the SVN WebClient. Affected: Polarion ALM (all versions prior to v21 R2 P2) and Polarion WebClient for SVN (all versions). Impact: could allow an att...
Siemens Polarion Subversion Webclient Cross-Site Scripting Vulnerability
Polarion WebClient for SVN is an SVN client. A cross-site scripting vulnerability exists in Siemens Polarion ALM, which can be exploited by an attacker to execute arbitrary code and extract sensitive information by sending a crafted link to a user with administrator privileges...
Siemens Polarion ALM
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Polarion ALM Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-069-08 Siemens Polarion ALM that...
Lateral Movement – WebClient
Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation…
IceWarp WebClient Cross-Site Scripting Vulnerability
IceWarp WebClient is a web-based mail service client from IceWarp. A cross-site scripting vulnerability exists in IceWarp WebClient, which stems from the P4 field of the product's Webmail Calendar feature not validating user input data. The vulnerability can be exploited to execut...
CVE-2020-25925
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field...
CVE-2020-25925
CVE-2020-25925 describes a cross-site scripting (XSS) flaw in IceWarp WebClient’s Webmail Calendar (version 10.3.5). The vulnerability allows an attacker to inject arbitrary web script or HTML through the p4 field, enabling client-side code execution. The available connected documents confirm the...
IceWarp WebClient Cross-Site Scripting Vulnerability
IceWarp WebClient is a web-based mail service client from IceWarp. A cross-site scripting vulnerability exists in IceWarp WebClient, which stems from the P4 field of the product's Webmail Calendar feature not validating user input data. The vulnerability can be exploited to execut...
GitHub Security Lab: [Java] CWE-918: Added URLClassLoader and WebClient SSRF sinks
This bug was reported directly to GitHub Security Lab...
CVE-2021-27956
CVE-2021-27956 affects Zoho ManageEngine ADSelfService Plus prior to version 6104. The vulnerability is a stored XSS in the /webclient/index.html#/directory-search user search page, exploitable via the e-mail address field. Root cause is unsanitized input stored on the page that allows injection ...
Information Disclosure
OMERO web is vulnerable to information disclosure. The vulnerability exists because the main webclient page loads various information about the current user such as their id, name and the groups they are in...