37 matches found
Twisted - Open Redirect & XSS
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...
EUVD-2025-41810
Malicious code in siska-brengkes9-ruro npm...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to cross-site scripting in Twisted [CVE-2024-41810]
Summary IBM Watson Speech Services Cartridge is vulnerable to cross-site scripting in Twisted, caused by improper validation of user-supplied input by the HTTP redirect body CVE-2024-41810. Twisted is used by our Speech Service runtimes. This vulnerability has been addressed. Please read the...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to cross-site scripting in Twisted [CVE-2024-41810]
Summary IBM Watson Speech Services Cartridge is vulnerable to cross-site scripting in Twisted, caused by improper validation of user-supplied input by the HTTP redirect body CVE-2024-41810. Twisted is used by our Speech Runtimes. This vulnerability has been addressed. Please read the details for...
openSUSE Security Advisory (SUSE-SU-2024:2860-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:2880-1)
The remote host is missing an update for the...
MGASA-2025-0054 Updated python-twisted packages fix security vulnerabilities
Twisted.web has disordered HTTP pipeline response. CVE-2023-46137 Twisted.web has disordered HTTP pipeline response. CVE-2024-41671 HTML injection in HTTP redirect body. CVE-2024-41810...
Azure Linux 3.0 Security Update: python-twisted (CVE-2024-41810)
The version of python-twisted installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41810 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. The...
[SECURITY] [DLA 3970-1] twisted security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3970-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler November 28, 2024 https://wiki.debian.org/LTS -...
Debian dla-3970 : python3-twisted - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3970 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3970-1 [email protected]...
Medium: python-twisted
Issue Overview: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected...
[SECURITY] [DSA 5797-1] twisted security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5797-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2024 https://www.debian.org/security/faq -...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:7312)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:7312 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
Ubuntu: Security Advisory (USN-6988-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CBL Mariner 2.0 Security Update: python-twisted (CVE-2024-41810)
The version of python-twisted installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41810 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. The...
CVE-2024-41810 affecting package python-twisted for versions less than 22.10.0-3
CVE-2024-41810 affecting package python-twisted for versions less than 22.10.0-3. A patched version of the package is available...
CVE-2024-41810 affecting package python-twisted for versions less than 22.10.0-3
CVE-2024-41810 affecting package python-twisted for versions less than 22.10.0-3. A patched version of the package is available...
SUSE: Security Advisory (SUSE-SU-2024:2880-1)
The remote host is missing an update for the...
SUSE-SU-2024:2880-1 Security update for python-Twisted
This update for python-Twisted fixes the following issues: - CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order bsc1228549 - CVE-2024-41810: Fixed reflected XSS via HTML injection in redirect response bsc1228552...
SUSE: Security Advisory (SUSE-SU-2024:2860-1)
The remote host is missing an update for the...