Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint

### Impact
An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager.

### Patch ...

XML Injection

org.apache.ivy:ivy is vulnerable to XML Injection. The vulnerability exists due to improper external DTD XML restrictions. An attacker is able to exploit this vulnerability by parsing a specially craf ...

Insufficient URL Validation

org.apache.nifi:nifi-dbcp-base is vulnerable to Insufficient URL Validation. The vulnerability allows an authenticated attacker with relevant privileges to bypass connection URL validation using custo ...


CVSS3 - MEDIUM

CVSS2 - MEDIUM

SugarCRM 12.2.0 SQL Injection


CVSS3 - HIGH

CVSS2 - MEDIUM

SugarCRM 12.2.0 Bean Manipulation


CVSS3 - HIGH

CVSS2 - MEDIUM

SugarCRM 12.2.0 PHP Object Injection


CVSS3 - HIGH

CVSS2 - MEDIUM

CrafterCMS 4.0.2 Cross Site Scripting


CVSS3 - MEDIUM

CVSS2 - MEDIUM
