Show filters
14 Total Results
Displaying 1-10 of 14
Sort by:
Attacker Value
Unknown

CVE-2024-43025

Disclosure Date: September 18, 2024 (last updated February 26, 2025)
An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-43024

Disclosure Date: September 18, 2024 (last updated February 26, 2025)
Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-2595

Disclosure Date: August 01, 2022 (last updated February 24, 2025)
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2098

Disclosure Date: June 16, 2022 (last updated February 23, 2025)
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2029

Disclosure Date: June 09, 2022 (last updated February 23, 2025)
Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-2028

Disclosure Date: June 09, 2022 (last updated February 23, 2025)
Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-2027

Disclosure Date: June 09, 2022 (last updated February 23, 2025)
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-2026

Disclosure Date: June 09, 2022 (last updated February 23, 2025)
Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-8987

Disclosure Date: March 09, 2020 (last updated February 21, 2025)
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.)
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2014-6960

Disclosure Date: October 16, 2014 (last updated October 05, 2023)
The Multitrac (aka com.multitrac) application 1.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
0
0
View More Topics  Next >