7 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2). • https://scomsupport.squaredup.com/hc/en-us/articles/9476404119197-CVE-2022-46785-Prototype-pollution-leading-to-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2). • https://scomsupport.squaredup.com/hc/en-us/articles/9476419759005-CVE-2022-46786-Stored-Cross-Site-Scripting https://support.squaredup.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.) • https://scomsupport.squaredup.com/hc/en-us/articles/9476404091677-CVE-2022-46784-Client-side-open-redirection • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF. Se ha descubierto un problema en WSO2 Dashboard Server versión 2.0.0. Es posible forzar a la aplicación a ejecutar peticiones a la estación de trabajo interna (escaneo de puertos) y realizar peticiones a estaciones de trabajo adyacentes (escaneo de red), también se conoce como SSRF. • https://wso2.com/security-patch-releases/dashboard-server https://www.excellium-services.com/cert-xlm-advisory • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS. Se descubriò un problema en WSO2 Dashboard Server versión 2.0.0. Es posible ingresar una carga de JavaScript que se almacenará en la base de datos y luego se mostrará y ejecutará en la misma página, también se conoce como una vulnerabilidad de tipo Cross-Site Scripting (XSS). • https://wso2.com/security-patch-releases/dashboard-server https://www.excellium-services.com/cert-xlm-advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •