Exploitation of this flaw requires social engineering of the user. An attacker can exploit this by sending a request to the MySQL Installer to change a setting.

8. XSS in the Access Manager Plugin (CVE-2017-9088). A stored cross-site scripting (XSS) vulnerability was found in the Access Manager Plugin. The Access Manager Plugin allows you to control user access to your installation of Access Manager via a web interface. An attacker could exploit this by sending a malicious request to the Access Manager Plugin to gain access to a vulnerable installation of Access Manager. XSS is a type of injection attack in which malicious code is placed into a website's data and then executed in the context of that website. XSS vulnerabilities are often the result of a lack of input validation on a website. When a user submits data to a website, that data must be validated to ensure that it is not malicious before it is stored in a database. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N).

9. XSS in the Cyberoam Web interface (CVE-2017-9079). A stored cross-site scripting (XSS) vulnerability was found in the Cyberoam Web interface. The Cybero

Stored Cross-Site Scripting (XSS) Vulnerability in the Cyberoam Web Interface

A stored cross-site scripting (XSS) vulnerability was found in the Cyberoam Web interface. The Cyberoam Web interface allows you to control user access to your installation of Cyberoam via a web interface. An attacker could exploit this by sending a malicious request to the Cyberoam Web interface to gain access to a vulnerable installation of Cyberoam. XSS is a type of injection attack in which malicious code is placed into a website's data and then executed in the context of that website. XSS vulnerabilities are often the result of a lack of input validation on a website. When a user submits data to a website, that data must be validated to ensure that it is not malicious before it is stored in a database. CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N).

10. XSS in the Cisco AnyConnect Secure Mobility Client (CVE-2017-9076). A stored cross-site scripting (XSS) vulnerability was found in the Cisco AnyConnect Secure Mobility Client when using HTTP or HTTPS connections for online services and VPN connections between internal users and external networks, for VPN users who are assigned VPN groups with specific filters applied during enrollment through the Cisco AnyConnect Secure Mobility Client GUI.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References