Lightning Wire Labs IPFire 2.21 (x86_64) – Core Update 130 is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking (local). The component is: Affected at Routing configuration via the "Remark" text box or "remark" parameter. The attack vector is: Attacker need to craft the malicious javascript code. Devamını Oku
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815. Devamını Oku
A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules. Devamını Oku
Netgate pfSense Community Edition 2.4.4 – p2 (arm64) is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking, Information Leakage (local). The component is: pfSense Dashboard, Work-on-LAN Service configuration. The attack vector is: Inject the malicious JavaScript code in Description text box or parameter. Devamını Oku
Lightning Wire Labs IPFire 2.21 (x86_64) – Core Update 130 is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking (local). The component is: Affected at Routing configuration via the "Remark" text box or "remark" parameter. The attack vector is: Attacker need to craft the malicious javascript code. Devamını Oku
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. Devamını Oku
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. Devamını Oku
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. Devamını Oku
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. Devamını Oku
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. Devamını Oku
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. Devamını Oku