| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a reservation duplicate that was detected before disclosure. Notes: None |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, CVE-2012-6581. Reason: This candidate is a duplicate of CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, and CVE-2012-6581. Notes: All CVE users should reference one or more of CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, and CVE-2012-6581 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4843. Reason: This candidate is a duplicate of CVE-2006-4843. Notes: All CVE users should reference CVE-2006-4843 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2004. Notes: none |
| Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. This vulnerability is fixed in 2.19.0. |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7469. Reason: This candidate is a reservation duplicate of CVE-2013-7469. Notes: All CVE users should reference CVE-2013-7469 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none |
| Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and JavaScript code, potentially leading to a Cross-Site Scripting (XSS) attack. Users are advised to upgrade to version 2.17.0+. There are no known workarounds for this vulnerability. |
| BEx Web Java Runtime Export Web Service does not
sufficiently validate an XML document accepted from an untrusted source. An
attacker can retrieve information from the SAP ADS system and exhaust the
number of XMLForm service which makes the SAP ADS rendering (PDF creation)
unavailable. This affects the confidentiality and availability of the
application. |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-4409. Reason: This candidate is a duplicate of CVE-2008-4409. Notes: All CVE users should reference CVE-2008-4409 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |
| Some OCC API endpoints in SAP Commerce Cloud
allows Personally Identifiable Information (PII) data, such as passwords, email
addresses, mobile numbers, coupon codes, and voucher codes, to be included in
the request URL as query or path parameters. On successful exploitation, this
could lead to a High impact on confidentiality and integrity of the
application. |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-8363. Reason: This candidate is a reservation duplicate of CVE-2019-8363. Notes: All CVE users should reference CVE-2019-8363 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2863. Reason: This candidate is a reservation duplicate of CVE-2008-2863. Notes: All CVE users should reference CVE-2008-2863 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |
| Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability. |
| The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the application |
| A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0253. Reason: This candidate is a reservation duplicate of CVE-2011-0253. Notes: All CVE users should reference CVE-2011-0253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |
