Show filters
36 Total Results
Displaying 21-30 of 36
Sort by:
Attacker Value
Unknown

CVE-2016-10993

Disclosure Date: September 17, 2019 (last updated November 27, 2024)
The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-0245

Disclosure Date: January 08, 2019 (last updated November 27, 2024)
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
0
0
Attacker Value
Unknown

CVE-2018-2484

Disclosure Date: January 08, 2019 (last updated November 27, 2024)
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-0244

Disclosure Date: January 08, 2019 (last updated November 27, 2024)
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
0
0
Attacker Value
Unknown

CVE-2018-2486

Disclosure Date: December 11, 2018 (last updated November 27, 2024)
SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
0
0
Attacker Value
Unknown

CVE-2018-2419

Disclosure Date: May 09, 2018 (last updated November 26, 2024)
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
0
0
Attacker Value
Unknown

CVE-2016-0571

Disclosure Date: January 21, 2016 (last updated October 05, 2023)
Unspecified vulnerability in the Oracle Balanced Scorecard component in Oracle E-Business Suite 11.5.10.2 and 12.1 allows remote attackers to affect confidentiality via unknown vectors.
0
0
Attacker Value
Unknown

CVE-2015-7541

Disclosure Date: January 08, 2016 (last updated November 25, 2024)
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
0
0
Attacker Value
Unknown

CVE-2014-4573

Disclosure Date: July 02, 2014 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php in the Walk Score plugin 0.5.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) o parameter.
0
0
Attacker Value
Unknown

CVE-2014-2609

Disclosure Date: June 19, 2014 (last updated October 05, 2023)
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.
0
0
View More Topics  < Previous  Next >