CVE-2021-39009 IBM Cognos Analytics stores users' credentials in plain text, which can be read by a local privileged user.
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by
CVE-2021-20468 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
An attacker could exploit this vulnerability by persuading a user to click a maliciously crafted link. A successful exploit could allow the attacker to access
CVE-2022-36773 IBM Cognos Analytics is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
In certain configurations, IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a Denial of Service (DoS) attack.
CVE-2022-36583 DedeCMS V5.7.97 has XSS vulnerabilities at /dede/co_do.php via dopost, rpok, and aid parameters.
A remote attacker could leverage these issues to execute arbitrary code in the context of the affected website.
An unauthenticated user could also access and
CVE-2022-3072 Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.
This type of injection allows an attacker to inject arbitrary code in another web application’s user session through the manipulation of request parameters. The