6 matches found
Bytedesk Code Issue Vulnerability
Bytedesk is a multi-channel intelligent customer service platform developed by the individual developers of bytedesk.com. Bytedesk versions 1.3.9 and earlier contain code vulnerabilities. These vulnerabilities stem from incorrect handling of the apiUrl parameter in the file...
CVE-2025-68150
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...
CVE-2025-68150
CVE-2025-68150 affects Parse Server where the Instagram OAuth adapter allows an attacker to supply a custom apiURL in authData, enabling Server-Side Request Forgery (SSRF) and potentially authentication bypass by hitting malicious endpoints. Root cause: client-provided apiURL is not validated and...
CVE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...
Cross site scripting
Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for Jigoshop (swipe-hq-checkout-for-jigoshop) plugin 3.1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the apiurl parameter...
CVE-2014-4557
Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for Jigoshop (swipe-hq-checkout-for-jigoshop) plugin 3.1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the apiurl parameter...