Page 8 of 59 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware node-connect versiones anteriores a 2.8.1, presenta una vulnerabilidad de tipo XSS en el middleware Sencha Labs Connect. • http://www.openwall.com/lists/oss-security/2014/04/21/2 http://www.openwall.com/lists/oss-security/2014/05/13/1 https://access.redhat.com/security/cve/cve-2013-7370 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370 https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting https://security-tracker.debian.org/tracker/CVE-2013-7370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session. Adobe Connect, en versiones 9.8.1 y anteriores, tiene una vulnerabilidad de exposición de token de sesión. Su explotación con éxito podría provocar la exposición de privilegios ortogados a una sesión. • http://www.securityfocus.com/bid/106469 https://helpx.adobe.com/security/products/connect/apsb19-05.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation. Adobe Connect, en versiones 9.7.5 y anteriores, tiene una vulnerabilidad de carga insegura de bibliotecas. Su explotación con éxito podría conducir al escalado de privilegios. • http://www.securityfocus.com/bid/104696 https://helpx.adobe.com/security/products/connect/apsb18-22.html • CWE-427: Uncontrolled Search Path Element •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking. Adobe Connect, en versiones 9.7.5 y anteriores, tiene una vulnerabilidad de omisión de autenticación. Su explotación con éxito podría resultar en un secuestro de sesión. • http://www.securityfocus.com/bid/104697 http://www.securitytracker.com/id/1041264 https://helpx.adobe.com/security/products/connect/apsb18-22.html • CWE-287: Improper Authentication •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. El módulo de node connect en versiones anteriores a la 2.14.0 sufre de una vulnerabilidad de Cross-Site Scripting (XSS) debido a la falta de validación de un archivo en el middleware directory.js. • https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b https://hackerone.com/reports/309394 https://hackerone.com/reports/309641 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •