28 matches found

RedhatCVE
added 2026/06/09 2:59 p.m. · 7 views

CVE-2026-11511

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

CVSS 5.1 · AI score 5.3 · EPSS 0.00191
Exploits 0 · References 1

EUVD
added 2026/06/08 11:45 a.m. · 8 views

EUVD-2026-35059

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

CVSS 5.1 · AI score 5.3 · EPSS 0.00191
Exploits 0 · References 4

CNNVD
added 2026/06/08 12:0 a.m. · 7 views

Bolt CMS injection vulnerability

Bolt CMS is an open-source content management system based on PHP, developed by Bolt CMS. Versions of Bolt CMS 3.7.5 and earlier have a vulnerability related to injection attacks. This vulnerability stems from the handling of the 'style' parameter in the Component HTML Attribute Handler file,...

CVSS 5.1 · AI score 5 · EPSS 0.00191
Exploits 0 · References 2

RedhatCVE
added 2026/02/28 1:56 a.m. · 8 views

CVE-2026-3268

A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler. Performing a manipulation results in...

CVSS 5.5 · AI score 5.8 · EPSS 0.00226
Exploits 1 · References 1

Snyk
added 2026/02/27 3:21 a.m. · 4 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the Session Attribute Handler component. An attacker can modify or remove session attributes without proper authorization by sending crafted requests to the affected component. Remediation There is no...

CVSS 5.5 · AI score 5.9 · EPSS 0.00226
Exploits 1 · References 2

NVD
added 2026/02/26 11:16 p.m. · 7 views

CVE-2026-3268

A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler. Performing a manipulation results in...

CVSS 5.5 · EPSS 0.00226
Exploits 1 · References 4

Vulnrichment
added 2026/02/26 11:2 p.m. · 5 views

CVE-2026-3268 psi-probe PSI Probe Session Attribute RemoveSessAttributeController.java access control

A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler. Performing a manipulation results in...

CVSS 5.5 · AI score 5.6 · EPSS 0.00226
Exploits 1 · References 4

Positive Technologies
added 2026/02/26 12:0 a.m. · 7 views

PT-2026-22227

Name of the Vulnerable Software and Affected Versions PSI Probe versions up to 5.3.0 Description A flaw exists in PSI Probe that involves improper access controls. This issue is related to a function within the...

CVSS 5.5 · AI score 6 · EPSS 0.00226
Exploits 1 · References 8

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-13842

Malware in sbrugna...

CVSS 5.3 · AI score 4.7 · EPSS 0.00502
Exploits 0 · References 5

CNNVD
added 2025/04/01 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a module uninstallation race condition in the gpio aggregator driver attribute handler...

CVSS 4.7 · AI score 6.3 · EPSS 0.00129
Exploits 0 · References 8

BDU FSTEC
added 2024/03/15 12:0 a.m. · 3 views

The vulnerability of the Oracle LDAP Attribute Handler component in the access control solutions from Broadcom and Symantec Identity Manager and Symantec Identity Governance and Administration allows an attacker to execute XSS attacks.

The vulnerability of the Oracle LDAP Attribute Handler component in the access control solutions from Broadcom and Symantec Identity Manager and Symantec Identity Governance and Administration relates to the lack of security measures for the website structure. Exploiting this vulnerability could...

CVSS 6.4 · AI score 6.2 · EPSS 0.00514
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2023/11/20 12:0 a.m. · 6 views

The vulnerability of the Object Attribute Handler component in the cross-platform FTP server CrushFTP allows a hacker to execute arbitrary code.

The vulnerability of the Object Attribute Handler component in the cross-platform FTP server CrushFTP is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests containing AS2 headers...

CVSS 10 · AI score 8.4 · EPSS 0.81801
Exploits 7 · References 4 · Affected Software 1

Positive Technologies
added 2023/11/16 12:0 a.m. · 5 views

PT-2023-6955 · Crushftp · Crushftp

Name of the Vulnerable Software and Affected Versions: CrushFTP versions prior to 10.5.1 Description: The issue is related to errors in handling input data in the Object Attribute Handler component of the CrushFTP cross-platform FTP server. Exploitation of this issue may allow a remote attacker t...

CVSS 9.8 · AI score 10 · EPSS 0.81801
Exploits 7 · References 23

OSV
added 2023/08/28 1:15 p.m. · 14 views

CVE-2018-25089

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...

CVSS 5.3 · AI score 7.2
Exploits 0 · References 4

Cvelist
added 2023/08/28 12:31 p.m. · 25 views

CVE-2018-25089 glb Meetup Tag Extension Link Attribute reverse tabnabbing

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...

CVSS 3.5 · AI score 5.4 · EPSS 0.00502
Exploits 0 · References 4

Vulnrichment
added 2023/08/28 12:31 p.m. · 11 views

CVE-2018-25089 glb Meetup Tag Extension Link Attribute reverse tabnabbing

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to versi...

CVSS 3.5 · AI score 6.9 · EPSS 0.00502
Exploits 0 · References 4

Positive Technologies
added 2023/08/28 12:0 a.m. · 2 views

PT-2023-10829 · Mediawiki · Glb Meetup Tag Extension

Name of the Vulnerable Software and Affected Versions: glb Meetup Tag Extension version 0.1 Description: A vulnerability was found in the glb Meetup Tag Extension on MediaWiki, affecting the Link Attribute Handler component. The issue leads to the use of a web link to an untrusted target with...

CVSS 5.3 · AI score 7.2 · EPSS 0.00502
Exploits 0 · References 9

CNNVD
added 2023/08/28 12:0 a.m. · 4 views

Meetup Tag security vulnerability

Meetup Tag is a MediaWiki plugin. A security vulnerability exists in version 0.1 of the Meetup Tag extension for MediaWiki, which stems from some unknown handling in the component Link Attribute Handler, which can be used to access web links to untrusted targets via window.opener...

CVSS 5.3 · AI score 5 · EPSS 0.00502
Exploits 0 · References 5

OSV
added 2023/07/16 6:30 p.m. · 11 views

GHSA-HX4H-676R-J3QP layui vulnerable to cross-site scripting

A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...

CVSS 6.1 · AI score 4.6 · EPSS 0.0048
Exploits 1 · References 6

OSV
added 2023/07/16 5:15 p.m. · 16 views

CVE-2023-3691

A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...

CVSS 6.1 · AI score 3.9 · EPSS 0.0048
Exploits 1 · References 4