39 matches found
Mapfish Print: Remote Code Injection (RCE) in Dynamic table
Impact The attacker can execute arbitrary code without being authenticated Mitigation Upgrade to a patched version please check affected/patched version matrix Credits Bug Bounty of Canton du Jura...
CVE-2026-39837 Stored XSS through the dynamic table format in Cargo
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39837 Stored XSS through the dynamic table format in Cargo
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39837
CVE-2026-39837 is a stored XSS vulnerability in the WikiWorks MediaWiki – Cargo Extension affecting versions before 3.8.7. The issue stems from the improper neutralization of Script-Related HTML tags in a web page, enabling stored cross-site scripting. The connected records do not provide explici...
neqo-qpack has iInteger overflow in qpack dynamic table indexing
Summary An unsanitized qpack index can lead to an integer overflow, panicing in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...
GHSA-6W86-WGWQ-RGQ8 neqo-qpack has iInteger overflow in qpack dynamic table indexing
Summary An unsanitized qpack index can lead to an integer overflow, panicing in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...
EUVD-2025-27091
Malicious code in bioql PyPI...
CVE-2025-10066
A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unittesting/templates/dymanictable.php. Such manipulation of the argument scripts leads to cross site scripting. The...
POS Point of Sale System /dymanic_table.php File Cross-Site Scripting Vulnerability
POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...
CVE-2025-10066
CVE-2025-10066 affects itsourcecode POS Point of Sale System 1.0. The vulnerability is an XSS in an unknown function within /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php caused by improper handling of the scripts argument. This could allow remote attackers to execute...
Online Shopping Portal dymanic_table.php File Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the scripts parameter of file...
CVE-2024-10754 PHPGurukul Online Shopping Portal dymanic_table.php cross site scripting
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unittesting/templates/dymanictable.php. The manipulation of the argument scripts leads to cross site...
PHPGurukul Online Shopping Portal 跨站脚本漏洞
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the scripts parameter of file...
GHSA-FFQ8-576R-V26G HPACK Denial of Service vulnerability (HPACK Bomb)
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...
The vulnerability of the experimental implementation of the HTTP/2 protocol in the Apache Traffic Server allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability of the experimental implementation of the HTTP/2 protocol in the Apache Traffic Server web server arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failur...
UBUNTU-CVE-2015-3249
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service out-of-bounds access and daemon crash or possibly execute arbitrary code via vectors related to the 1 framehandlers array or 2 setdynamictablesize function...
DEBIAN-CVE-2015-3249
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service out-of-bounds access and daemon crash or possibly execute arbitrary code via vectors related to the 1 framehandlers array or 2 setdynamictablesize function...
CVE-2015-3249
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service out-of-bounds access and daemon crash or possibly execute arbitrary code via vectors related to the 1 framehandlers array or 2 setdynamictablesize function...
CVE-2016-6581
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...