
31 matches found

Positive Technologies
added 5 days ago, 5 views

PT-2026-54015

Name of the Vulnerable Software and Affected Versions: Storage Concentrator SC & SCVM; affected versions not specified. Description: Reflected cross-site scripting occurs because unsanitized content is echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00236
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-0021

Malware in sbrugna...

CVSS: 6.1, AI score: 6.1, EPSS: 0.02003
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-22252

Malicious code in bioql PyPI...

CVSS: 6.1, AI score: 7, EPSS: 0.00331
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 3:47 a.m., 6 views

CVE-2024-27917

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

CVSS: 7.5, AI score: 7, EPSS: 0.00611
Exploits: 0, References: 1

NVD
added 2024/03/06 8:15 p.m., 31 views

CVE-2024-27917

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00611
Exploits: 0, References: 4

Prion
added 2024/03/06 8:15 p.m., 28 views

Session fixation

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

CVSS: 5, AI score: 7.6, EPSS: 0.00611
Exploits: 0, References: 4

Vulnrichment
added 2024/03/06 7:36 p.m., 13 views

CVE-2024-27917 Shopware's session is persistent in Cache for 404 pages

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

CVSS: 7.5, AI score: 7, EPSS: 0.00611
Exploits: 0, References: 4

Cvelist
added 2024/03/06 7:36 p.m., 36 views

CVE-2024-27917 Shopware's session is persistent in Cache for 404 pages

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00611
Exploits: 0, References: 4

OSV
added 2024/03/06 7:36 p.m., 38 views

CVE-2024-27917 Shopware's session is persistent in Cache for 404 pages

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00611
Exploits: 0, References: 6

OSV
added 2024/03/06 3:6 p.m., 16 views

GHSA-C2F9-4JMM-V45M Shopware's session is persistent in Cache for 404 pages

Impact: The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response contains a Session Cookie when the Browser accessing the 404 page has no cookies yet. The...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00611
Exploits: 0, References: 5

Github Security Blog
added 2024/03/06 3:6 p.m., 24 views

Shopware's session is persistent in Cache for 404 pages

Impact: The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response contains a Session Cookie when the Browser accessing the 404 page has no cookies yet. The...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00611
Exploits: 0, References: 5, Affected Software: 2

NVD
added 2024/02/12 7:15 a.m., 26 views

CVE-2024-24889

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS. This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00331
Exploits: 0, References: 1

Prion
added 2024/02/12 7:15 a.m., 23 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS. This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9...

CVSS: 5.8, AI score: 7.1, EPSS: 0.00331
Exploits: 0, References: 1

Akamai Blog
added 2023/10/09 2:0 p.m., 21 views

The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages

...

AI score: 7
Exploits: 0

SUSE CVE
added 2023/02/15 6:17 a.m., 6 views

SUSE CVE-2005-3424

Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425...

CVSS: 4.3, AI score: 6.1, EPSS: 0.01437
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 4:19 a.m., 4 views

SUSE CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

CVSS: 5.4, AI score: 4.7, EPSS: 0.00894
Exploits: 0, References: 3

OSV
added 2022/05/13 1:1 a.m., 2 views

GHSA-6456-XJM5-G3PG Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00894
Exploits: 0, References: 5

NVD
added 2021/04/05 7:15 p.m., 18 views

CVE-2021-24176

The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard...

CVSS: 5.4, EPSS: 0.02044
Exploits: 2, References: 2

Hacker One
added 2019/10/17 10:16 p.m., 52 views

Starbucks: WAF bypass via double encoded non standard ASCII chars permitted a reflected XSS on response page not found pages - (629745 bypass)

Summary: Report 629745 not properly resolved: "Many Starbucks websites are vulnerable to cross-site scripting on 404 pages because double quotes lack sanitizing in hidden input tags, which leads to JavaScript execution". Description: Report 629745 caught my attention, so I began testing the WAF t...

AI score: 6.3
Exploits: 0

Veracode
added 2019/01/07 5:6 a.m., 19 views

Content Spoofing

Django is vulnerable to content spoofing attacks. The vulnerability exists in the default 404 pages where request.path was not sanitized and can be used to display unwanted HTML on the default 404 pages...

CVSS: 6.5, AI score: 6.3, EPSS: 0.03685
Exploits: 0, References: 13, Affected Software: 1