6 matches found
Unintended Proxy or Intermediary ('Confused Deputy')
Overview: Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') due to the improper validation of X-Forwarded-For and Forwarded headers forwarded from untrusted proxies. An attacker can manipulate the server's behavior by sending crafted headers fro...
PT-2024-30610 · Microchip · TimeProvider 4100
Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 and later
Description: The issue is related to a URL Redirection to Untrusted Site ('Open Redirect') vulnerability that allows XSS Through HTTP Headers. This can lead to security issues, as it enables...
PT-2024-25701
Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 2024.03
Description: An issue was discovered in the Archer Platform, where an X-Forwarded-For Header Bypass vulnerability exists. This allows an unauthenticated attacker to potentially bypass intended...
PT-2024-21179 · Unknown · Enhavo CMS
Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1
Description: A cross-site scripting (XSS) issue in the Header module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. This enables attackers to...
PT-2024-13395 · ABO.CMS · ABO.CMS
Name of the Vulnerable Software and Affected Versions: ABO.CMS version 5.9.3
Description: A cross-site scripting issue allows an attacker to execute arbitrary code via a crafted payload to the Referer header. This enables the attacker to perform unauthorized actions on the affected system...
PT-2023-8832
Name of the Vulnerable Software and Affected Versions: Axios versions 0.8.1 through 1.5.1
Description: The issue is related to a JavaScript library and involves a cross-site request forgery vulnerability. This vulnerability can allow a remote attacker to gain unauthorized access to the XSRF-TOKEN...