Insufficient URI protocol whitelist in HCL Leap
allows script injection through query parameters.
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap
allow script injection through query parameters.
Insufficient sanitization in HCL Leap allows
client-side script injection in the authoring environment.
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
Multiple vectors in HCL Leap allow client-side
script injection in the authoring environment and deployed applications.
Improper sanitization of SVG files in HCL Leap
allows client-side script injection in deployed applications.
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
Unsafe default file type filter policy in HCL
Leap allows execution of unsafe JavaScript in deployed applications.
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
Improper access control of endpoint in HCL Leap
allows certain admin users to import applications from the
server's filesystem.
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives.
An issue in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs that do not enforce limits on the number or size of requests.
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney_ws.erl copies the host,
Missing "no cache" headers in HCL Leap permits user directory information to be cached.
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications.
A vulnerability was found in code-projects Human Resource Integrated System 1.0. This affects an unknown part of the file /log_query.php. The manipulation of the argument ID results in sql injection.
Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.