71 matches found
CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...
EUVD-2008-2419
Malware in sbrugna...
EUVD-2015-3319
Malware in sbrugna...
EUVD-2002-2225
Malware in sbrugna...
EUVD-2008-2164
Malware in sbrugna...
EUVD-2014-3166
Malware in sbrugna...
EUVD-2023-51641
Malicious code in bioql PyPI...
CVE-2023-47530
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7...
CVE-2024-9204
The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $SERVER'REQUESTURI' in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress Smart Custom 404 Error Page Plugin <= 11.4.7 is vulnerable to Cross Site Scripting (XSS)
Software Smart Custom 404 Error Page Type Plugin Vulnerable versions = 11.4.7 Fixed in 11.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9204 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6f4afc297c2e Credits...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.This issue affects Redirect 404 Error Page to Homepage or Custom Page with Logs: from n/a through 1.8.7...
CVE-2023-47530
CVE-2023-47530 affects the WordPress plugin WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs (<= v1.8.7). Root cause: SQL injection due to improper neutralization of input in the plugin’s SQL queries. Impact per sources: high/severe risk (CVSS ~7.2). Affected versions:
PT-2023-3319 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak versions affected versions not specified Description: The issue is related to a cross-site scripting XSS vulnerability in Keycloak, an open-source identity and access management solution. This vulnerability can be exploited by settin...
K10204425: PHP vulnerability CVE-2018-5712
Security Advisory Description An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. CVE-2018-5712 Impact There is no impact; F5 products are not...
Malicious Package
Overview website-404-error-page is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in website-404-error-page (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73bf65ffbe607175a82640f4548763aeb97f1f0e322c0735470fdccd5d757e43 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-836P-6P4J-35CG Drupal Open Redirect
Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging 1 custom code or 2 a form shown on a 404 error page, related to path manipulation...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1747)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross-site Scripting (XSS)
PHP is vulnerable to cross-site scripting attacks. A remote unauthenticated attacker could cause reflected cross-site scripting on the PHAR 404 error page via the URI of a request for a .phar file...
CVE-2019-3498
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.pagenotfound, leading to content spoofing in a 404 error page if a user fails to recognize th...