104 matches found
CVE-2020-19554
Cross Site Scripting XSS vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload...
Cross site scripting
Cross Site Scripting XSS vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload...
CVE-2020-19554
Cross Site Scripting XSS vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload...
Zoho Corporation ManageEngine OPManager 跨站脚本漏洞
Zoho Corporation ManageEngine OpManager is a comprehensive network monitoring software from Zoho Corporation, USA. It is used to manage routers, firewalls, servers, switches and printers. A cross-site scripting vulnerability exists in ManageEngine OPManager =12.5.174, which stems from an API key...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2021-61755)
GetSimple CMS is an XML-based, fully independent and streamlined content management system. /admin/snippets.php in GetSimple CMS version 3.4.0a is vulnerable to a stored cross-site scripting vulnerability, which can be exploited by attackers to execute arbitrary Web scripts or HTML via the Edit...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2021-45441)
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A cross-site scripting vulnerability exists in GetSimple CMS 3.3.15 and earlier versions. The vulnerability can be exploited to conduct cross-site scripting attacks via the timezone parameter of...
GetSimple CMS Open Redirect Vulnerability (CNVD-2021-46556)
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. An open redirect vulnerability exists in admin/changedata.php in GetSimple CMS 3.3.15 and earlier versions. An attacker can redirect a user to a url parameter via the redirect function...
GetSimple CMS Cross-Site Scripting Vulnerability
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A cross-site scripting vulnerability exists in GetSimple CMS 3.3.15 and earlier versions. The vulnerability can be exploited to conduct cross-site scripting attacks via the sitename, username, and ema...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2021-45144)
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A cross-site scripting vulnerability exists in admin/snippets.php in GetSimple CMS version 3.4.0a. An attacker can exploit this vulnerability via Add Snippet and Save snippets to conduct cross-site...
getsimplecms 跨站脚本漏洞
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A cross-site scripting vulnerability exists in admin/edit.php in GetSimple CMS version 3.4.0a. An attacker can exploit this vulnerability to conduct a cross-site scripting attack...
Fedora: Security Advisory for qt5-qtsvg (FEDORA-2021-a95a40b78b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 33 Update: qt5-qtsvg-5.15.2-3.fc33
Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
Vulnerability Spotlight: Multiple vulnerabilities in Genivia gSOAP
A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in various Genivia gSOAP toolkit plugins. These vulnerabilities could allow an attacker to carry out a variety of malicious activities, including causing a...
CVE-2020-24591
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0...
asia-sts.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1165811 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
dictionary.tovnah.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1147536 Security Researcher g0bl1nsec Helped patch 3768 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting dictionary.tovnah.com...
CVE-2019-19292
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit...
Sql injection
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit...
Design/Logic Flaw
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote...
CVE-2019-19295
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote...