347 matches found
GHSA-GFP2-W5JM-955Q OMERO.web exposes some unnecessary session information in the page
Background OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release. Impact OMERO.we...
OMERO.web exposes some unnecessary session information in the page
Background OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release. Impact OMERO.we...
CVE-2020-17147
Dynamics CRM Webclient Cross-site Scripting Vulnerability...
Cross site scripting
Dynamics CRM Webclient Cross-site Scripting Vulnerability...
CVE-2020-17147 Dynamics CRM Webclient Cross-site Scripting Vulnerability
...
CVE-2020-17147
CVE-2020-17147 is a cross-site scripting vulnerability affecting Microsoft Dynamics 365 on-premises / Dynamics CRM Webclient. Public records identify the flaw as an XSS risk in the Dynamics CRM Webclient that can spoof UI or exfiltrate data due to improper input validation. The CVE is linked to M...
Dynamics CRM Webclient Cross-site Scripting Vulnerability
...
KLA12026 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A cross-site-scripting XSS vulnerability Dynamics CRM Webclie...
CVE-2020-15788
A vulnerability has been identified in Polarion Subversion Webclient All versions. The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client e.g. by clickin...
CVE-2020-15789
A vulnerability has been identified in Polarion Subversion Webclient All versions. The web interface could allow a Cross-Site Request Forgery CSRF attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who...
Cross site scripting
A vulnerability has been identified in Polarion Subversion Webclient All versions. The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client e.g. by clickin...
Cross site request forgery (csrf)
A vulnerability has been identified in Polarion Subversion Webclient All versions. The web interface could allow a Cross-Site Request Forgery CSRF attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who...
CVE-2020-15789
CVE-2020-15789 affects Siemens Polarion Subversion Webclient (all versions). The connected documents confirm two CSRF-related issues in the web interface: a CSRF vulnerability that could trigger state-changing actions via forged requests, requiring a legitimate user to perform an authenticated ac...
CVE-2020-15788
The CVE-2020-15788 issue affects Polarion Subversion Webclient (all versions) and is a Cross-Site Scripting vulnerability caused by insufficient input filtering in the web application. Exploitation could allow an attacker to deliver JavaScript that executes in a user’s browser, potentially enabli...
Siemens Polarion Subversion Webclient Cross-Site Request Forgery Vulnerability
Polarion WebClient for SVN is one of several free Subversion tools provided by Polarion Software; it is an SVN client that enables Subversion users to work with SVN repositories using a web browser. A cross-site request forgery vulnerability exists in Siemens Polarion Subversion Webclient. An...
Siemens Polarion Subversion Webclient Cross-Site Scripting Vulnerability
Polarion WebClient for SVN is one of several free Subversion tools provided by Polarion Software; it is an SVN client that enables Subversion users to work with SVN repositories using a web browser. A cross-site scripting vulnerability exists in Siemens Polarion Subversion Webclient. An attacker...
Siemens Polarion Subversion Webclient
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Polarion Subversion Webclient Vulnerabilities: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS, Cross-site Request Forgery CSRF 2. RISK EVALUATION...