15 matches found
CVE-2019-17522
A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the adminindex.php?page=settings SITE NAME field aka SITENAME, a related issue to CVE-2011-4709.1...
CVE-2019-17522
creationtimestamp| type| source ---|---|--- 2024-01-08 10:11:18+00:00| seen| Telegram/x4HWAYT4f9sYYv27KMEU7HPVlPNpfbkwuvqmYjypILtc7fb...
CVE-2017-17522 affecting package python2 for versions less than 2.7.18-8
CVE-2017-17522 affecting package python2 for versions less than 2.7.18-8. A patched version of the package is available...
CVE-2020-17522
creationtimestamp| type| source ---|---|--- 2021-01-26 20:36:21+00:00| seen| https://t.me/cibsecurity/22588...
CVE-2020-17522
The CVE-2020-17522 entry concerns Apache Traffic Control's ORT/atstccfg-generated ip_allow.config files for versions 3.0.0–3.1.0 and 4.0.0–4.1.0. The vulnerability is that these files contain permissions that could allow an attacker to push arbitrary content to CDN cache servers and remove conten...
CVE-2017-17522 affecting package python2 2.7.18-14
CVE-2017-17522 affecting package python2 2.7.18-14. A patched version of the package is available...
CVE-2019-17522
CVE-2019-17522 is a stored XSS vulnerability in Hotaru CMS v1.7.2. The issue is exploitable via the admin_index.php?page=settings SITE NAME field (SITE_NAME), allowing a malicious input to be stored and later reflected to an administrator, with the potential to execute client-side scripts. The re...
CVE-2017-17522
DISPUTED Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that...
CVE-2017-17522
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is...
CVE-2017-17522
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is...
CVE-2017-17522
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is...
DEBIAN-CVE-2017-17522
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is...
CVE-2017-17522
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is...
CVE-2017-17522
CVE-2017-17522 affects Lib/webbrowser.py in Python up to 3.6.3, where strings are not validated before launching the program named in the BROWSER env var, potentially enabling argument-injection via a crafted URL. Nessus notes exploitation is considered impossible due to subprocess.Popen with she...
CVE-2017-17522
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is...