Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.599 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Insufficient Access Control of Data Source Management Service Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th...

7AI score0.01307EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/11/14 12:0 a.m.598 views

F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP TMUI Directory Traversal and File Upload RCE', 'Description' = %q This module exploits a directory traversal in F5's BIG-IP Traffic...

10CVSS7.3AI score0.99999EPSS
Exploits60
Packet Storm
Packet Storm
added 2010/04/10 12:0 a.m.597 views

Linux Kernel 2.6.34-rc3 ReiserFS xattr Privilege Escalation

!/usr/bin/env python ''' team-edward.py Linux Kernel http://jon.oberheide.org Information: https://bugzilla.redhat.com/showbug.cgi?id=568041 The kernel allows processes to access the internal ".reiserfspriv" directory at the top of a reiserfs filesystem which is used to store xattrs. Permissions...

6.9CVSS0.9AI score0.01824EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/29 12:0 a.m.596 views

Orangescrum 1.8.0 SQL Injection

Exploit Title: orangescrum 1.8.0 - 'Multiple' SQL Injection Authenticated Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/09 12:0 a.m.596 views

PrestaShop 1.7.6.7 SQL Injection

Exploit Title: PrestaShop 1.7.6.7 - 'location' Blind Sql Injection Date: 2021-04-08 Exploit Author: Vanshal Gaur Vendor Homepage: https://www.prestashop.com/ Version: 1.7.5.x 1.7.6.8 Tested on: Debian 10 buster CVE : CVE-2020-15160 !/usr/bin/python3 ''' Setup Vulnerable Docker on "localhost:8080"...

7.5CVSS0.3AI score0.10807EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/01/13 12:0 a.m.596 views

Pepperl+Fuchs IO-Link Master Series 1.36 CSRF / XSS / Command Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Pepperl+Fuchs IO-Link Master Series See "Vulnerable / tested versions" vulnerable version: System 1.36 / Application 1.5.28 fixed versio...

6.5CVSS0.7AI score0.3111EPSS
Exploits12
Packet Storm
Packet Storm
added 2019/02/22 12:0 a.m.596 views

HanYazilim Paper Submission System .NET 1.0 Shell Upload

Exploit Title : HanYazilim Paper Submission System .NET v1.0 Privilege Escalation / Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 22/02/2019 Vendor Homepage : hanyazilim.com Software Information Link : hanyazilim.com/hakemlimakaletakipsistemi.pdf...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.595 views

Chrome V8 Type Confusion

Chrome: Extending non-extensible objects leads to type confusion in V8 SUMMARY v8::internal::JSObject::SetAccessor doesn't check if the receiver is extensible before adding a new property. A potential attacker can exploit the ability to extend non-extensible objects to achieve arbitrary code...

8.8CVSS7.1AI score0.23022EPSS
Exploits1
Packet Storm
Packet Storm
added 2020/10/30 12:0 a.m.595 views

DedeCMS 5.8 Cross Site Scripting

Exploit Title: DedeCMS v.5.8 - "keyword" Cross-Site Scripting Date: 2020-07-27 Exploit Author: Noth Vendor Homepage: https://github.com/dedetech/DedeCMSv5 Software Link: https://github.com/dedetech/DedeCMSv5 Version: v.5.8 CVE : CVE-2020-27533 A Cross Site Scripting XSS issue was discovered in th...

3.5CVSS5.6AI score0.03463EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/03/05 12:0 a.m.595 views

Splunk Enterprise 7.2.4 Remote Code Execution

!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/01/24 12:0 a.m.595 views

XOS Shop 1.0RC7o SQL Injection

Exploit Title: XOS Shopv1.0rc7o Sql Injection Vulnerability Date: 23/01/2014 Exploit Author: JoKeRStEx Vendor Homepage: http://www.xos-shop.com/ Software Link: http://xos-shop.com/main/index.php/cPath/25/ Version: v1.0 rc7o Tested on: Windows PHP Version 6.0.0-dev CVE : - Description : XOS Shop i...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2023/11/15 12:0 a.m.594 views

EzViz Studio 2.2.0 DLL Hijacking

PoC: DLL Hijacking via EzViz Studio Reported by EAFZ from Pythongoras Author: EAFZ aka myantti3m CVE: CVE-2023-41613. Test Environment: OS: Windows 11 Pro 64 bit10.0, Build 2261 EzViz Studio version: 2.2.0 Technical Description 1. Technical Description EzvizStudio.exe searches for a DLL called...

7.4AI score0.00451EPSS
Exploits2
Packet Storm
Packet Storm
added 2021/09/01 12:0 a.m.594 views

COVID-19 Contact Tracing System With QR Code Scanning 1.0 SQL Injection

Exploit Title: Covid-19 Contact Tracing System Web App with QR Code Scanning CTS-QR by: oretnom23 v1.0 remote SQL-Injection-Bypass-Authentication in /ctsqr/classes/Login.php + XSS-Stored PWNED PHPSESSID Vulnerable parameter "code" in applicatoin State/Province List. Author: nu11secur1ty Testing a...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/11 12:0 a.m.594 views

Courier Management System 1.0 SQL Injection

Exploit Title: Courier Management System 1.0 - 'MULTIPART street ' SQL Injection Exploit Author: Zhaiyi Zeo Date: 2020-12-11 Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/10 12:0 a.m.594 views

BigtreeCMS 4.4.11 Cross Site Scripting

Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in BigtreeCMS Affected Software: BigtreeCMS Affected Versions: 4.4.11 Vendor Homepage: https://www.bigtreecms.org/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVE-ID:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/06/06 12:0 a.m.593 views

Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Reolink E1 Zoom Camera Vendor URL: https://reolink.com/product/e1-zoom/ Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2021-08-26 Date published:...

7.6AI score0.03364EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/11/16 12:0 a.m.593 views

Online Reviewer System 2.4.0 SQL Injection

Sourcecodester-Online-Reviewer-System-2.4.0 SQL - 4 types of injection vulnerability Vendor Description: The password parameter appears of the Online Reviewer System 1.0 to be vulnerable to SQL injection attacks - 4 types of injection vulnerability. A single quote was submitted in the password...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/15 12:0 a.m.592 views

Havoc C2 0.7 Server-Side Request Forgery

Exploit Title: Havoc C2 0.7 Unauthenticated SSRF Date: 2024-07-13 Exploit Author: @chebuya Software Link: https://github.com/HavocFramework/Havoc Version: v0.7 Tested on: Ubuntu 20.04 LTS CVE: ? Description: This exploit works by spoofing a demon agent registration and checkins to open a TCP sock...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/03/30 12:0 a.m.592 views

PostgreSQL 11.7 Remote Code Execution

Exploit Title: PostgreSQL 9.3-11.7 - Remote Code Execution RCE Authenticated Date: 2022-03-29 Exploit Author: b4keSn4ke Github: https://github.com/b4keSn4ke Vendor Homepage: https://www.postgresql.org/ Software Link: https://www.postgresql.org/download/linux/debian/ Version: 9.3 - 11.7 Tested on:...

9CVSS0.2AI score0.91877EPSS
Exploits17
Packet Storm
Packet Storm
added 2021/10/29 12:0 a.m.592 views

WebCTRL OEM 6.5 Cross Site Scripting

Exploit Title: WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting XSS Date: 4/07/2021 Exploit Author: 3ndG4me Vendor Homepage: https://www.automatedlogic.com/en/products/webctrl-building-automation-system/ Version: 6.5 and Below CVE : CVE-2021-31682 --Summary-- The login portal for the...

4.3CVSS0.1AI score0.10509EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/01/06 12:0 a.m.591 views

IObit Uninstaller 10 Pro Unquoted Service Path

Exploit Title: IObit Uninstaller 10 Pro - Unquoted Service Path Date: 2020–12–24 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version: 10 Tested on Windows 10 Unquoted Service Path: When a service is...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/02 12:0 a.m.591 views

Monitorr 1.7.6m Authorization Bypass

!/usr/bin/python -- coding: UTF-8 -- Exploit Title: Monitorr 1.7.6m - Authorization Bypass Date: September 12, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2017/11/02 12:0 a.m.591 views

ZyXEL PK5001Z Modem Backdoor Account

Exploit Title: ZyXEL PK5001Z Modem - CenturyLink Hardcoded admin and root Telnet Password. Google Dork: n/a Date: 2017-10-31 Exploit Author: Matthew Sheimo Vendor Homepage: https://www.zyxel.com/ Software Link: n/a Version: PK5001Z 2.6.20.19 Tested on: Linux About: ZyXEL PK5001Z Modem is used by...

9CVSS8.7AI score0.12439EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/03/04 12:0 a.m.590 views

SumatraPDF 3.5.2 DLL Hijacking

SumatraPDF 3.5.2 DLL Hijack Exploit Title: Sumatra PDF 3.5.2 DLL Hijack Date: 03.03.2024 Exploit Author: Krishna Vamshi Katta Rokkaiah Vendor Homepage: https://www.sumatrapdfreader.org/free-pdf-reader Software Link: https://www.sumatrapdfreader.org/download-free-pdf-viewer Version: 3.5.2 Tested o...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/22 12:0 a.m.590 views

QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'QNAP QTS and QuTS Hero Unauthenticated Remote Code Execution in quick.cgi', 'Description' = %q There exists an unauthenticated command injection...

5.8CVSS7.4AI score0.89157EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/08/13 12:0 a.m.590 views

HackTool.Win32.HKit Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6209db6e8cfd7c7a315ca858129bd226.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.HKit Vulnerability: Unauthenticated Remote Command Execution Description: HaX0R'Z KiT...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.589 views

Zabbix 7.0.1rc1 Remote Code Execution

Zabbix server version 7.0.1rc1 remote code execution exploit that provides a reverse shell. ============================================================================================================================================= | Title : Zabbix server v 7.0.1rc1 PHP Code Injection...

9.9CVSS8.3AI score0.78831EPSS
Exploits13
Packet Storm
Packet Storm
added 2021/08/12 12:0 a.m.589 views

COVID19 Testing Management System 1.0 SQL Injection

Exploit Title: COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection Google Dork: intitle: "COVID19 Testing Management System" Date: 09/08/2021 Exploit Author: Ashish Upsham Vendor Homepage: https://phpgurukul.com Software Link:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/16 12:0 a.m.589 views

Microsoft Windows Containers DP API Cryptography Flaw

Certitude Security Advisory - CSA-2021-002 PRODUCT : Windows Containers VENDOR : Microsoft SEVERITY : High AFFECTED VERSION : Windows 10, Windows Server IDENTIFIERS : CVE-2021-1645 PATCH VERSION : KB4598229, KB4598230, KB4598242, KB4598243 FOUND BY : Marc Nimmerrichter, Certitude Lab Introduction...

4.3CVSS0.1AI score0.07274EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/11/17 12:0 a.m.589 views

Online News Portal Local File Inclusion

Exploit Title: Online News Portal - Local File Inclusion Date: 2020-11-16 Exploit Author: gh1mau Email: [email protected] Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/02/24 12:0 a.m.588 views

DotNetNuke CMS 9.5.0 Cross Site Scripting

Exploit Title: File upload vulnerability through bypassing client-side file extension check Date: 23 Feb 2020 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link: https://github.com/dnnsoftware/Dnn.Platform/releases/download/v9.5.0/DNNPlatform9.5.0Install.zip...

5.6AI score0.00889EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/10/10 12:0 a.m.587 views

Android GKI Kernels Use-After-Free

A central recurring theme in Linux MM development is that contention on the mmap lock can have a big negative performance impact on multithreaded workloads: If one thread is holding the mmap lock in exclusive mode for an extended amount of time, other threads will block as soon as they try to...

7.8CVSS7AI score0.00217EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/01/24 12:0 a.m.587 views

GL.iNet Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' class MetasploitModule 'GL.iNet Unauthenticated Remote Command Execution via the logread module.', 'Description' = %q A command injection...

9.8CVSS7.4AI score0.47804EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/11/02 12:0 a.m.587 views

Multi Restaurant Table Reservation System 1.0 Cross Site Scripting

Exploit Title: Multi Restaurant Table Reservation System - Multiple Persistent XSS Date: 01-11-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip Version: 1.0...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/06 12:0 a.m.586 views

Backdoor.Win32.Zaratustra Remote File Write / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f240c16af2189ea9c94f317281ce7e59.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zaratustra Vulnerability: Unauthenticated Remote File Write Remote Code Exec...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/14 12:0 a.m.586 views

Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authentication bypass & Remote code execution product: Multiple Schneider Electric EVlink Charging Stations vulnerable version: Firmware R7 Version V3.3.0.15 fixed versio...

6.8CVSS0.6AI score0.64612EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/12/02 12:0 a.m.586 views

WebDamn User Registration And Login System With User Panel SQL Injection

Exploit Title: WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass Date: 18-11-2020 Exploit Author: Aakash Madaan Vendor Homepage: https://webdamn.com/ Software Link : https://webdamn.com/user-management-system-with-php-mysql/ Version: N/A Default Tested on: Windows 10...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2009/11/26 12:0 a.m.586 views

Microsoft IIS 5.0 IDQ Path Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Microsoft II...

10CVSS0.1AI score0.96731EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/04/08 12:0 a.m.585 views

Linux Kernel 5.4 BleedingTooth Remote Code Execution

/ BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution by Andy Nguyen theflow@ This Proof-Of-Concept demonstrates the exploitation of CVE-2020-12351 and CVE-2020-12352. Compile using: $ gcc -o exploit exploit.c -lbluetooth and execute as: $ sudo ./exploit targetmac sourceip sourceport ...

5.8CVSS0.7AI score0.07693EPSS
Exploits6
Packet Storm
Packet Storm
added 2020/11/09 12:0 a.m.585 views

Chrome V8 Turbofan Type Confusion

V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion NOTE: We have evidence that the following bug is being used in the wild. Therefore, this bug is subject to a 7 day disclosure deadline. VULNERABILITY DETAILS When turbofan compiles code that performs a Map...

6.8CVSS9.4AI score0.48574EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/05/15 12:0 a.m.584 views

SAP Cloud Connector 2.16.1 Missing Validation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Tolerating Self-Signed Certificates product: SAP® Cloud Connector vulnerable version: 2.15.0 - 2.16.1 Portable and Installer fixed version: 2.16.2 Portable and Installer...

7.4CVSS7.1AI score0.00544EPSS
Exploits1
Packet Storm
Packet Storm
added 2020/12/10 12:0 a.m.584 views

Barcodes Generator 1.0 Cross Site Scripting

Exploit Title: Barcodes generator 1.0 - 'name' Stored Cross Site Scripting Date: 10/12/2020 Exploit Author: Nikhil Kumar Vendor Homepage: http://egavilanmedia.com/ Software Link: http://egavilanmedia.com/barcodes-generator-using-php-mysql-and-jsbarcode-library/ Version: 1.0 Tested On: Ubuntu 1...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/17 12:0 a.m.584 views

Online Doctor Appointment Booking System PHP And MySQL 1.0 SQL Injection

Exploit Title: Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection Google Dork: N/A Date: 11/16/2020 Exploit Author: Ramil Mustafayev Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql/ Software...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/20 12:0 a.m.584 views

Ricoh myPrint Hardcoded Credentials / Information Disclosure

Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosure via WSDL webservices Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 19-11-18 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...

9.7AI score0.21492EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/02/15 12:0 a.m.583 views

Backdoor.Win32.Cafeini.08.b Missing Authentication

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8225bb6b430d5cdf523c4d0cabbe5793.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.08.b Vulnerability: Missing Authentication Description: The backdoor is writt...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/18 12:0 a.m.583 views

WordPress Fancy Product Designer For WooCommerce Cross Site Scripting

About Fancy Product Designer for WooCommerce Fancy Product Designer for WooCommerce is a WordPress plugin which allows users to design custom products in a vendor's WooCommerce store. It is sold through the third-party marketplace "Envato Market" and boasts over 15,000 sales. Stored XSS via SVG...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/02 12:0 a.m.582 views

Inlislite 3.1 Insecure Settings

==================================================================================================================================== | Title : Inlislite V3.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit | ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2018/04/19 12:0 a.m.582 views

Digital Guardian Management Console 7.1.2.0015 XXE Injection

Title: Digital Guardian Managment Console - XML External Entity Vulnerability Author: Pawel Gocyla Date: 18 April 2018 CVE: CVE-2018-10175 Affected software: ================== Digital Guardian Managment Console Version 7.1.2.0015 Description: ============ Digital Guardian is an American data los...

0.4AI score0.01214EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/08/08 12:0 a.m.581 views

Open WebUI 0.1.105 Persistent Cross Site Scripting

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting Title: Open WebUI Stored Cross-Site Scripting Advisory ID: KL-001-2024-005 Publication Date: 2024.08.06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI...

6.3CVSS7.1AI score0.0062EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/06/21 12:0 a.m.581 views

SAP Fiori Launchpad Cross Site Scripting

Onapsis Security Advisory 2022-0005: Cross-Site Scripting XSS vulnerability in SAP Fiori launchpad Impact on Business Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in the SAP...

6.1CVSS0.4AI score0.01383EPSS
Exploits2
Total number of security vulnerabilities5000