Tag
#asp.net
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).
Avantune Genialcloud ProJ version 10 suffers from a cross site scripting vulnerability.
HighCMS/HighPortal version 12.x appears to suffer from a remote SQL injection vulnerability.
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.
Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing JSON input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See GHSA-5q7q-qqw2-hjq7 for workaround details.
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7.
This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065, which are being exploited. We strongly urge customers to immediately update systems. Failing to address these vulnerabilities can result in compromise of your on-premises Exchange Server and, potentially, other parts of your internal network.