Under certain circumstances, this could lead to a Cross-Site Scripting vulnerability. SAP NetWeaver (Design Time Repository), version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with malicious content and send a link to a victim in an email or instant message. Server-side validation should be implemented to prevent this vulnerability. As of the time of publication, a patch is not available. While this vulnerability can potentially allow an attacker to execute arbitrary code in the user's browser, the impact is limited as it requires user interaction to trigger the vulnerability. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. Grav is a flat-file content management system. Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.