An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application.
There are currently no known workarounds.ĭell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. This could allow an attacker to steal a GoCD user's session cookies and/or execute malicious code in the user's context. It is possible for a malicious script on a attacker-hosted site to execute script that will run within the user's browser context and GoCD session via abuse of a messaging channel used for communication between with the parent page and the stage details graph's iframe. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.Ī vulnerability has been identified in Desigo PXM30-1 (All versions Graphs tab. Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.ĮTAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS).
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input.
0 kommentar(er)
