Attacker Value
Unknown
CVE-2024-37351
Disclosure Date: June 20, 2024 (last updated September 10, 2024)
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same management object. This vulnerability is distinct from CVE-2024-37348 and CVE-2024-37349. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
Attacker Value
Unknown
CVE-2024-37349
Disclosure Date: June 20, 2024 (last updated September 10, 2024)
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the victim administrator edits the same management object. This vulnerability is distinct from CVE-2024-37348 and CVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
Attacker Value
Unknown
CVE-2024-37348
Disclosure Date: June 20, 2024 (last updated August 08, 2024)
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same management object. This vulnerability is distinct from CVE-2024-37349 and CVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
Attacker Value
Unknown
CVE-2024-37347
Disclosure Date: June 20, 2024 (last updated August 07, 2024)
There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
Attacker Value
Unknown
CVE-2024-37346
Disclosure Date: June 20, 2024 (last updated August 08, 2024)
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high.
Attacker Value
Unknown
CVE-2024-37344
Disclosure Date: June 20, 2024 (last updated August 07, 2024)
There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the same policy object. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high.
Attacker Value
Unknown
CVE-2024-23443
Disclosure Date: June 19, 2024 (last updated August 20, 2024)
A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
Attacker Value
Unknown
CVE-2024-5172
Disclosure Date: June 18, 2024 (last updated July 06, 2024)
The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Attacker Value
Unknown
CVE-2024-3276
Disclosure Date: June 18, 2024 (last updated July 06, 2024)
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28 and the foobox-image-lightbox-premium WordPress plugin before 2.7.28 do not sanitise and escape some of their settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Attacker Value
Unknown
CVE-2024-6059
Disclosure Date: June 17, 2024 (last updated September 24, 2024)
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.