Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the sessi
MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attac
A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into their profile, which execu
A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulner
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST req
A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: * OT
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScrip
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable serv
A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. T
Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.
A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploi
The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of
An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters avail
An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal.
An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters av
Page 1+ Next →