152 matches found
CVE-2025-5990
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...
CVE-2025-5990
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...
CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...
CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...
CVE-2025-5990
The CVE-2025-5990 entry concerns Crafty Controller. A stored XSS vulnerability arises from improper neutralization of input in the Server Name form and API Key form components, enabling a remote, authenticated attacker to inject malicious input. Technical details from PT-2025-25503 specify affect...
CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...
PT-2025-25503 · Unknown · Crafty Controller
Name of the Vulnerable Software and Affected Versions: Crafty Controller versions 4.2.2 through 4.2.3 Crafty Controller versions 4.3.0 through 4.3.2 Crafty Controller versions 4.4.0 through 4.4.9 Description: An input neutralization vulnerability in the Server Name form and API Key form component...
Crafty Controller 跨站脚本漏洞
Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A cross-site scripting vulnerability exists in Crafty Controller that stems from improperly neutralized inputs to the server name form and API key form components, which could lead to a stored cross-site scripting attack...
CVE-2011-3723
Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by READMEFILES/livehelp.php and certain other files...
CVE-2017-18578
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS...
CVE-2024-1064
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...
CVE-2024-42981
The CVE-2024-42981 vulnerability affects Tenda FH1206 v02.03.01.35. Root cause: a stack overflow in the delno parameter of the fromPptpUserSetting function, exploitable via a crafted POST request, leading to Denial of Service. Connected sources consistently describe the same issue across multiple...
Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats
Google's Gemini large language model LLM is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Goog...
craftypint.com Cross Site Scripting vulnerability OBB-3853434
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Design/Logic Flaw
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...
CVE-2024-1064
Summary of CVE-2024-1064 (Crafty Controller) : The issue is a host header injection in the HTTP handler of Crafty Controller, enabling a remote, unauthenticated attacker to trigger a Denial of Service via a modified Host header. Reported CVSSv3.1 base score is 7.5 (HIGH) with NETWORK attack vecto...
PT-2024-16425 · Unknown · Crafty Controller
Name of the Vulnerable Software and Affected Versions: Crafty Controller affected versions not specified Description: A host header injection issue in the HTTP handler component allows a remote, unauthenticated attacker to trigger a Denial of Service DoS condition via a modified host header...
Crafty Controller Security Vulnerability
Crafty Controller is a Minecraft server control panel/launcher. A security vulnerability exists in Crafty Controller that stems from the presence of a host header injection vulnerability that allows an unauthenticated, remote attacker to trigger a denial of service DoS via a modified host header...
CVE-2023-2135
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Code injection
Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, bu...