23 matches found
CVE-2026-3268
A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler. Performing a manipulation results in...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the Session Attribute Handler component. An attacker can modify or remove session attributes without proper authorization by sending crafted requests to the affected component. Remediation There is no...
CVE-2026-3268
A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler. Performing a manipulation results in...
CVE-2026-3268 psi-probe PSI Probe Session Attribute RemoveSessAttributeController.java access control
A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler. Performing a manipulation results in...
PT-2026-22227
Name of the Vulnerable Software and Affected Versions PSI Probe versions up to 5.3.0 Description A flaw exists in PSI Probe that involves improper access controls. This issue is related to a function within the...
EUVD-2018-13842
Malware in sbrugna...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a module uninstallation race condition in the gpio aggregator driver attribute handler...
PT-2023-6955 · Crushftp · Crushftp
Name of the Vulnerable Software and Affected Versions: CrushFTP versions prior to 10.5.1 Description: The issue is related to errors in handling input data in the Object Attribute Handler component of the CrushFTP cross-platform FTP server. Exploitation of this issue may allow a remote attacker t...
CVE-2018-25089
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...
CVE-2018-25089 glb Meetup Tag Extension Link Attribute reverse tabnabbing
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...
CVE-2018-25089 glb Meetup Tag Extension Link Attribute reverse tabnabbing
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...
Meetup Tag 安全漏洞
Meetup Tag is a MediaWiki plugin. A security vulnerability exists in version 0.1 of the Meetup tag extension for mediawiki, which stems from some unknown handling in the component ink Attribute Handler, which can be used to access web links to untrusted targets via window.opener...
PT-2023-10829 · Mediawiki · Glb Meetup Tag Extension
Name of the Vulnerable Software and Affected Versions: glb Meetup Tag Extension version 0.1 Description: A vulnerability was found in the glb Meetup Tag Extension on MediaWiki, affecting the Link Attribute Handler component. The issue leads to the use of a web link to an untrusted target with...
GHSA-HX4H-676R-J3QP layui vulnerable to cross-site scripting
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...
CVE-2023-3691
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...
CVE-2023-3691
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...
Cross site scripting
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...
CVE-2023-3691 layui HTML Attribute cross site scripting
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...
CVE-2023-3691
Layui up to v2.8.0-rc.16 contains a cross-site scripting vulnerability in the HTML Attribute Handler where manipulating the title argument enables XSS. The issue can be triggered remotely, and upgrading to version 2.8.0 addresses the vulnerability. Multiple connected sources (including Red Hat, C...
PT-2023-25738 · Layui · Layui
Name of the Vulnerable Software and Affected Versions: layui versions up to v2.8.0-rc.16 Description: A problematic issue was found in the HTML Attribute Handler component, where the manipulation of the title argument leads to cross-site scripting. This can be initiated remotely. Recommendations:...