7 matches found
CVE-2023-47549
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions...
CVE-2023-47549
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions...
CVE-2023-47549
CVE-2023-47549 is an unauthenticated reflected XSS in EazyDocs for WordPress (spider-themes) affecting <=2.3.3 (and up to
CVE-2023-47549 WordPress EazyDocs Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions...
U.S. Dept Of Defense: Account takeover on ███████ [HtUS]
Hello, I have found an endpoint in ████████ that is vulnerable to account takeover. Steps to reproduce: 1. Create 2 accounts, Attacker A and victim B 2. Log in to all of them and go to https://███████/███████/EditUserProfile with attacker's account 3. Now fill out the password with your password 4. Chan...
Server-Side Request Forgery
Dompdf is vulnerable to information disclosure. The vulnerability exists when reading files using file_get_contents over HTTP. If there's a 302 response, it will allow a redirect to a blacklisted site...
XMLHttpRequest 302 response disclosure — Mozilla
Marius Schilder of Google Security reported that when an XMLHttpRequest is made to a same-origin resource which 302 redirects to a resource in a different domain, the response from the cross-domain resource is readable by the site issuing the XHR. Cookies marked HttpOnly were not readable, but oth...