Squid under the threat of Multiple Cross Site Scripting Vulnerabilities
Squid was found to be prone to multiple Cross Site Scripting Vulnerabilities. It was failing to sanitise user supplied input.
Squid was found to be prone to multiple Cross Site Scripting Vulnerabilities. It was failing to sanitise user supplied input.
Description Several Cross-Site Scripting vulnerabilities in the Curtain WordPress plugin. Due to these Cross-Site Scripting vulnerabilities, an attacker would be
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Fixed Releases
At the time of publication, Cisco Finesse releases 12.6(1) and later contained the fix for these vulnerabilities.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
Overview : Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers
Using vulnerable and outdated components is the sixth category in OWASP Top 10 web application security risks and one of
Website security refers to the security of organizational and private public-facing websites from various cyber-attacks. These attacks largely impact all
A vulnerability has been found in ZOLL Defibrillator Dashboard up to 2.1 (Forum Software) and classified as problematic. Affected by
The vulnerabilities are dependent on one another; exploitation of one of the vulnerabilities is required to exploit the other vulnerability.
Details about the vulnerabilities are as follows:
Cisco Finesse and Cisco Virtualized Voice Browser OpenSocial Gadget Editor Unauthenticated Access Vulnerability
A vulnerability in the web management interface of Cisco Finesse and Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to access the OpenSocial Gadget Editor without providing valid user credentials.
The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to obtain potentially confidential information and create arbitrary XML files.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE ID: CVE-2021-1246Bug ID(s): CSCvs52916, CSCvw27957Security Impact Rating (SIR): MediumCVSS Base Score: 6.5CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Cisco Finesse OpenSocial Gadget Editor Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE ID: CVE-2021-1245Bug ID(s): CSCvs52916Security Impact Rating (SIR): MediumCVSS Base Score: 6.1CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Overview : Multiple vulnerabilities reported in AEM’s Cloud Service offering Affected Product(s) : AEM Forms SP6 add-on for AEM 6.5.6.0
Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might
Overview : Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update
Overview : Multiple security vulnerabilities have been fixed and delivered in IBM products. Affected Product(s) : IBM Financial Transaction Manager
Overview : New vulnerabilities discovered in Tiki Wiki Affected Product(s) : Tiki 7.2 & 8.0 RC1 Vulnerability Details : CVE
Overview : Multiple flaws in Openfind MAIL2000 through version 6.0 and 7.0 Affected Product(s) : Openfind MAIL2000 through version 6.0
Overview : Multiple flaws was discovered in TYPO3 Core Affected Product(s) : TYPO3 versions 4.1.13 and below, 4.2.12 and below,
Overview : Multiple security vulnerabilities have been updated in IBM products Affected Product(s) : IBM Maximo Asset Management 7.6 IBM
Overview : Cisco Firepower Management Center Remote Code Execution Vulnerability CWE-20 / CVE-2019-12689 A vulnerability in the web-based management interface
Overview : Multiple security vulnerabilities have been fixed and delivered in IBM Security Directory Server. Affected Product(s) : IBM Security
Overview : Integrated Data Protection Appliance 2.3 contains fixes for multiple security vulnerabilities that may potentially be exploited by malicious
Overview : Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability CWE-399/ CVE-2019-12646 A
Overview : Stored XSS vulnerability in expandable textbox form control SECURITY-1498 / CVE-2019-10401 Jenkins form controls include an expandable textbox
Overview : Schneider Electric detected multiple vulnerabilities in its U.motion din rail and touch panels servers. Affected Product(s) : U.motion
Cisco firepower management centre was found to have vulnerabilities such as multiple CSS issues. This was mainly caused by its
[vc_row][vc_column][vc_column_text] Overview : In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.codeBeamer versions