this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site" then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the links, he will get an....
6.3CVSS
6.3AI Score
0.001EPSS
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more.....
8.1CVSS
7.8AI Score
0.009EPSS
Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016...
6.5CVSS
6.5AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified...
5.5AI Score
0.001EPSS
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to...
8.7AI Score
0.001EPSS
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink...
8.4AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path...
7.9AI Score
0.039EPSS
Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via...
6.8AI Score
0.02EPSS