A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign.  An attacker could hijack a user's session and perform other attacks.


 

 Loading...

Skip to page contentSkip to chat

Skip to page contentSkip to chat

CVE-2023-37501: Knowledge Article View HCL - Customer Support

The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint

CVE-2023-30950: Palantir | Trust and Security Portal

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed.

This defect was resolved with the release of Foundry Frontend 6.225.0.



CVE-2023-30958: Palantir | Trust and Security Portal

The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE). 

CVE-2023-30951: Palantir | Trust and Security Portal

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .

CVE-2023-30952: Palantir | Trust and Security Portal

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.


CVE-2023-37497: Knowledge Article View HCL - Customer Support

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
 This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

*   When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
    
    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
    
    **Fixed Releases**
    
    At the time of publication, the release information in the following table was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
    
    The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability.
    
     
    
    Cisco BroadWorks Application Delivery Platform with CommPilot-25, CommPilot-24, and CommPilot-23 Release
    
    First Fixed Release
    
    Release Independent (RI)
    
    RI 2023.06
    
      
    
     
    
    Cisco BroadWorks Application Server Software Release
    
    First Fixed Release
    
    Earlier than 23.0
    
    Migrate to a fixed release.
    
    23.0
    
    AP.as.23.0.1075.ap385295.Linux-x86\_64.zip
    
    24.0
    
    AP.as.24.0.944.ap385295.Linux-x86\_64.zip
    
    Release Independent (RI)
    
    RI 2023.06
    
      
    
     
    
    Cisco BroadWorks Xtended Services Platform Software Release
    
    First Fixed Release
    
    Earlier than 23.0
    
    Migrate to a fixed release.
    
    23.0
    
    AP.xsp.23.0.1075.ap385295.Linux-x86\_64.zip
    
    The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

CVE-2023-20204: Cisco Security Advisory: Cisco BroadWorks CommPilot Application Software Cross-Site Scripting Vulnerability

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform.  An attacker could hijack a user's session and perform other attacks.


CVE-2023-37499: Knowledge Article View HCL - Customer Support

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform.  An attacker could hijack a user's session and perform other attacks.


CVE-2023-37500: Knowledge Article View HCL - Customer Support

A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator.  It is possible that an attacker could potentially escalate their privileges.


Source

CVE