5 matches found
CVE-2025-27088
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting XSS vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted...
CVE-2025-27088 Reflected Cross-site Scripting (XSS) in template implementation in oxyno-zeta/s3-proxy
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting XSS vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted...
CVE-2025-27088 Reflected Cross-site Scripting (XSS) in template implementation in oxyno-zeta/s3-proxy
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting XSS vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted...
CVE-2025-27088
The CVE-2025-27088 issue affects oxyno-zeta/s3-proxy (Go) and is caused by rendering the Request.URL.Path into HTML in the folder-list template without proper sanitization, enabling reflected XSS via crafted URLs. Public advisories state that affected versions are vulnerable to script injection, ...
CVE-2025-27088
creationtimestamp| type| source ---|---|--- 2025-02-20 21:43:36+00:00| published-proof-of-concept| https://github.com/oxyno-zeta/s3-proxy/security/advisories/GHSA-pp9m-qf39-hxjc 2025-02-20 23:16:57+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/4824 2025-02-21...