13 matches found
undici: Undici: Information disclosure due to improper cache-control header parsing
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...
undici: Undici: Information disclosure due to improper cache-control header parsing
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...
Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
Summary A stored cross-site scripting XSS vulnerability exists in SEO-related fields SEO Title and Meta Description in ApostropheCMS. Improper neutralization of user-controlled input in SEO-related fields allows injection of arbitrary JavaScript into HTML contexts, resulting in stored cross-site...
GHSA-855C-R2VQ-C292 Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
Summary A stored cross-site scripting XSS vulnerability exists in SEO-related fields SEO Title and Meta Description in ApostropheCMS. Improper neutralization of user-controlled input in SEO-related fields allows injection of arbitrary JavaScript into HTML contexts, resulting in stored cross-site...
CVE-2026-35569
CVE-2026-35569 affects ApostropheCMS <= 4.28.0. A stored XSS in SEO fields (SEO Title and Meta Description) allows injecting JavaScript via improper output encoding into HTML contexts such as , attributes, and JSON-LD. This can enable an authenticated user to execute arbitrary JS in the admin...
CVE-2026-35569 ApostropheCMS: Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields SEO Title and Meta Description, where user-controlled input is rendered without proper output encoding into HTML contexts includin...
GHSA-6WQW-2P9W-4VW4 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...
CVE-2024-10797
The CVE-2024-10797 entry concerns the WordPress plugin Full Screen Menu for Elementor. Affected: Full Screen Menu for Elementor (WordPress plugin) up to version 1.0.7. Nature: Information Exposure via the Full Screen Menu Elementor Widget, caused by insufficient restrictions on which posts can be...
WordPress Seraphinite Accelerator plugin <= 2.22.15 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Seraphinite Accelerator versions = 2.22.15...
CVE-2024-52323
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...
Drupal Freelinking module < 4.0.1 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Matthew Radcliffe in WordPress Module Freelinking versions 4.0.1...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...
WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Otter Blocks PRO versions = 2.6.11...