Cross site scripting

All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...

GHSA-R2WF-Q3X4-HRV9 Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)

Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' aka. XSS in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...

Cross-site Scripting (XSS)

Overview io.ratpack:ratpack-core is a simple, capable, toolkit for creating high performance web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the...

GHSA-F5F4-M7QP-W6GC Cross-site Scripting in Jooby

Jooby before 1.6.4 has XSS via the default error handler...

Cross-site Scripting in Jooby

Jooby before 1.6.4 has XSS via the default error handler...

Cross-site Scripting (XSS)

Jooby is vulnerable to cross-site scripting XSS. The attack can be triggered when an attacker inject a malicious script through the default error handler...

CVE-2019-15477

Jooby before 1.6.4 has XSS via the default error handler...

CVE-2019-15477

Jooby before 1.6.4 has XSS via the default error handler...

Default credentials

Jooby before 1.6.4 has XSS via the default error handler...

CVE-2016-10789

cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...

CVE-2016-10789

cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write. An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can...

CVE-2019-5051

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...

CVE-2019-5051

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...

UBUNTU-CVE-2019-11390

DISPUTED An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with seterrorhandler at the beginning and nested repetition...

PT-2019-12276 · Owasp +1 · Owasp Modsecurity Core Rule Set +1

Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS versions through 3.1.0 Description: An issue was discovered that allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with set error handler at the beginning and...

Cross-site Scripting (XSS)

github.com/ory/hydra is vulnerable to cross-site scripting XSS. The vulnerability exists because it does not escape the errorhint parameter in the default error handler, allowing the attacker to inject arbitrary script through it...

Design/Logic Flaw

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...

CVE-2018-19991

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...

CVE-2018-19991

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler for geturiargs or getpostargs to block the API misuse described in CVE-2018-9230...