10 matches found
GHSA-569Q-MPPH-WGWW Better Auth affected by external request basePath modification DoS
Summary: Affected versions of Better Auth allow an external request to configure baseURL when it isn’t defined through any other means. This can be abused to poison the router’s base path, causing all routes to return 404 for all users. This issue is only exploitable when baseURL is not explicitly...
PT-2024-22134 · Symfony +2
Name of the Vulnerable Software and Affected Versions: Shopware versions 6.5.8.0 through 6.5.8.6. Description: The issue arises from the Symfony Session Handler popping the Session Cookie and assigning it to the Response. Since Shopware 6.5.8.0, 404 pages are cached to improve performance, resulti...
spring-boot: Spring Boot Welcome Page DoS Vulnerability
A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...
CVE-2022-38704
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin = 8.9 at WordPress, leading to deletion of 404 errors and redirection history...
CVE-2022-2118
The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-2118
The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-2118 404s < 3.5.1 - Admin+ Stored Cross-Site Scripting
The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-2118
The CVE-2022-2118 entry concerns the WordPress 404s plugin, where versions before 3.5.1 fail to sanitize and escape fields, enabling stored XSS by high-privilege users (e.g., admin). Exploitation context is authenticated/admin access, with payloads visible via the plugin’s 404 handling. The vulne...
WordPress plugin 404s cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress 404s plugin <= 3.4.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vivek Kumar Jaiswal in WordPress 404s plugin versions <= 3.4.9. Solution: Update the WordPress 404s plugin to the latest available version (at least 3.5.1)...