Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Appscan source'
2019-12-18
CVE-2019-4388
CWE-79
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI.
2019-09-25
CVE-2019-16188
CWE-611
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks.
>>>
Vendor:
Hcltech
21
Produkty
Legacy ivr firmware
Appscan source
Appscan
Self-service application
Connections
Hcl nomad
Hcl digital experience
Marketing campaign
Bigfix webui
Bigfix platform
Digital experience
Hcl domino
Domino
Notes
Hcl inotes
Traveler companion
Hcl sametime
Bigfix insights
Bigfix compliance
Traveler
Onetest server
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'Appscan source' 
Polish
English