3858 matches found
CVE-2020-4239
IBM Tivoli Netcool Impact 7.1.0.0–7.1.0.17 is affected by CVE-2020-4239, a remote information-disclosure flaw where detailed browser error messages reveal sensitive data. Root cause: information leakage through verbose errors. Impact: potential exposure of confidential information. Remediation: u...
CVE-2020-2169
A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability...
IBM MQ Appliance and IBM MQ Denial of Service Vulnerabilities
IBM MQ (IBM WebSphere MQ) and IBM MQ Appliance are both products of IBM Corporation, U.S.A. IBM MQ is a messaging middleware product. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). IBM MQ Appliance is an all-in-one appliance for rapid...
CVE-2019-19381
oauth/oauth2/v1/saml/ in Abacus OAuth Login 201901r4201910210000 prior to R4 20.11.2019 Hotfix allows Reflected Cross Site Scripting (XSS) via an error message...
CVE-2019-12446
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...
CVE-2019-12446
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...
UBUNTU-CVE-2019-12446
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...
CVE-2019-12446
The CVE-2019-12446 issue affects GitLab Community and Enterprise Edition versions 8.3 through 11.11, allowing information exposure via an error message. The vulnerability is documented across multiple sources (NVD, Red Hat, Debian, OSV, etc.) with the same flaw description and no detailed root-ca...
CVE-2019-12446
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...
CVE-2019-12446
Removed by vendor...
CVE-2020-2152
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability...
PT-2020-15363 · Jenkins · Jenkins Subversion Partial Release Manager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Release Manager Plugin versions 1.2 and earlier. Description: The issue is related to a reflected cross-site scripting vulnerability. It occurs because the error message for the Repository URL field form validation is not...
Endless Group: Enumeration of username on password reset page
Summary: Reset password page API call can be used to enumerate usernames based on the error message. Steps To Reproduce: add details for how we can reproduce the issue 1. Go to password reset page 2. Enter username and click submit 3. Check email for password reset code, open the URL in any brows...
CVE-2019-19993
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerabilities were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths...
SmartClient Absolute Path Information Disclosure Vulnerability
SmartClient is an enterprise Ajax framework that includes a very good UI library, a tool library, client-server data binding and other features. An absolute path information disclosure vulnerability exists in SmartClient 12.0. An unauthenticated attacker can exploit this vulnerability by sending a...
CVE-2013-3565
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...
CVE-2013-3565
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...
CVE-2013-3565
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...