EUVD-2007-4728

Malware in sbrugna...

CVE-2024-45336 affecting package golang for versions less than 1.23.7-1

CVE-2024-45336 affecting package golang for versions less than 1.23.7-1. A patched version of the package is available...

AZL-56005 CVE-2024-45336 affecting package golang for versions less than 1.23.7-1

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...

CVE-2023-49276

Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element in vulnerable to Attribute Injection leading to Cross-Site-Scripting XSS. Since the custom status interface can set an independent Google Analytics ID and the template has not been...

Uptime Kuma Cross-Site Scripting Vulnerability

Uptime Kuma is an easy-to-use, self-hosted monitoring tool from Louis Lam Personal Developer. A cross-site scripting vulnerability exists in Uptime Kuma versions prior to 1.23.7, which stems from the presence of a property injection vulnerability that makes it susceptible to cross-site scripting...

PT-2023-31143 · Unknown · Uptime Kuma

Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.23.7 Description: The Google Analytics element in Uptime Kuma is vulnerable to Attribute Injection, leading to Cross-Site-Scripting XSS attacks. This occurs because the custom status interface can set an...

Cross site scripting

MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting XSS attacks by setting the content model for a revision to JS...