CVE-2010-5335
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. The issue arises from inadequate sanitisation of input passed to a parameter in script to basic/minimizer/index.php, allowing an attacker to read arbitrary files on the IceWarp Mailserver or potentially the underlying OS. Mu...
CVE-2010-5336
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to admin/login.html with the parameter username; the issue is persistent in 10.2.0...
CVE-2010-5336
The CVE-2010-5336 issue affects IceWarp Webclient prior to 10.2.1, where an XSS vulnerability is triggered by an HTTP POST to admin/login.html with the username parameter. The root cause is a lack of input validation and escaping for client-side data within the Webclient web application. Impact is clien...
CVE-2010-5337
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the parameter _dlg[captcha][controller]; the issue is non-persistent in 10.1.3 and 10.2.0...
CVE-2010-5337
CVE-2010-5337 concerns IceWarp Webclient prior to version 10.2.1, which is vulnerable to a cross-site scripting (XSS) flaw. The issue is triggered by an HTTP POST to the webmail/basic/ path using the parameter _dlg[captcha][controller], as documented in multiple sources. The vulnerability is desc...
CVE-2010-5338
IceWarp Webclient prior to 10.2.1 is vulnerable to XSS via an HTTP POST to webmail/basic/ using the parameter _dlg[captcha][action]. The root cause is lack of proper validation of client data in the WEB application, with non-persistent input in 10.1.3 and 10.2.0. Affected product: IceWarp Webclie...
CVE-2010-5338
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the parameter _dlg[captcha][action]; the issue is non-persistent in 10.1.3 and 10.2.0...
CVE-2010-5339
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/basic/ with the parameter _dlg[captcha][uid]; the issue is non-persistent in 10.1.3 and 10.2.0...
CVE-2010-5339
CVE-2010-5339 affects IceWarp Webclient prior to 10.2.1. The issue is a Cross-Site Scripting vulnerability triggered by an HTTP POST to webmail/basic/ that uses the parameter _dlg[captcha][uid]. According to Red Hat and NVD entries, this XSS is non-persistent in versions 10.1.3 and 10.2.0, indica...
CVE-2010-5340
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request to webmail/ with the parameter password; the issue is non-persistent in 10.2.0...
CVE-2010-5340
CVE-2010-5340 concerns IceWarp Webclient prior to 10.2.1, where an XSS vulnerability exists in the webmail/ endpoint via an HTTP POST carrying a password parameter. The root cause is lack of proper validation/escaping of client-supplied data, enabling injection of script in the user’s browser. Pu...
SAP CRM WebClient UI Cross-Site Scripting Vulnerability
SAP CRM (Customer Relationship Management) is a set of customer relationship management solutions from the German company SAP. The program includes sales management, marketing management, customer service system and other modules. SAP CRM WebClient UI is one of its Web client interfaces. A cross-site scripting...
SAP CRM WebClient UI Cross-Site Scripting Vulnerability (CNVD-2019-04862)
SAP CRM (Customer Relationship Management) is a set of customer relationship management solutions from the German company SAP. The program includes sales management, marketing management, customer service systems and other modules. SAPSCORE, S4FND and WEBCUIF are among the Web client interface...
CVE-2019-0244
SAP CRM WebClient UI fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0245
SAP CRM WebClient UI fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0244
CVE-2019-0244 affects SAP CRM WebClient UI components (SAPSCORE, S4FND, WEBCUIF). The vulnerability arises from insufficient encoding of user-controlled inputs, enabling Cross-Site Scripting (XSS). Affected product areas: SAP CRM WebClient UI; fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.4...
CVE-2019-0245
SAP CRM WebClient UI is affected by a Cross-Site Scripting (XSS) vulnerability due to insufficient encoding of user-controlled inputs. The flaw affects SAPSCORE 1.12; S4FND 1.02; WEBCUIF components 7.31, 7.46, 7.47, 7.48, 8.0, and 8.01. The root cause is improper input encoding in the web client ...