
8 matches found

CNNVD
added 2026/03/10 12:0 a.m. | 2 views

Fortinet FortiSIEM Cross-Site Scripting Vulnerability

Fortinet FortiSIEM is a security information and event management system developed by the American company Fortinet. This system includes features such as asset discovery, workflow automation, and unified management. Versions of Fortinet FortiSIEM ranging from 7.3.0 to 7.3.4 contain a cross-site...

CVSS 6.1 | AI score 5.6 | EPSS 0.00059
Exploits: 0 | References: 1

CNNVD
added 2023/06/23 12:0 a.m. | 2 views

XWiki Platform Cross-Site Scripting Vulnerability

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A cross-site scripting vulnerability exists in XWiki Platform versions 6.1-rc-1 and earlier. An attacker can exploit this vulnerability to inject JavaScript code into a pag...

CVSS 9.6 | AI score 6 | EPSS 0.15561
Exploits: 0 | References: 5

CNNVD
added 2023/06/23 12:0 a.m. | 2 views

XWiki Platform Cross-Site Scripting Vulnerability

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform. An attacker could use this vulnerability to inject JavaScript code into a page by forging a URL and trigger a cross-site...

CVSS 9.6 | AI score 6 | EPSS 0.10311
Exploits: 0 | References: 8

OSV
added 2022/02/25 12:1 a.m. | 10 views

GHSA-PW97-6V74-9W3P EC-CUBE improperly handles HTTP Host header values

EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users...

CVSS 5.3 | AI score 5.2 | EPSS 0.01055
Exploits: 0 | References: 4

GitHub Security Blog
added 2022/02/25 12:1 a.m. | 17 views

EC-CUBE improperly handles HTTP Host header values

EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users...

CVSS 5.3 | AI score 7 | EPSS 0.01055
Exploits: 0 | References: 4 | Affected Software: 1

Japan Vulnerability Notes
added 2022/02/22 12:0 a.m. | 69 views

JVN#53871926: EC-CUBE improperly handles HTTP Host header values

EC-CUBE provided by EC-CUBE CO.,LTD. improperly handles HTTP Host header values (CWE-913). Impact: A remote attacker may direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users. Solution: Apply Workaround. Apply the following workaround to avoid...

CVSS 5.3 | AI score 5.2 | EPSS 0.01055
Exploits: 0

CNNVD
added 2021/04/07 12:0 a.m. | 3 views

Jenkins Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the American company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run certain scheduled tasks. A cross-site request forgery...

CVSS 6.5 | AI score 5.7 | EPSS 0.00117
Exploits: 0 | References: 4

CNVD
added 2019/09/18 12:0 a.m. | 0 views

Microsoft Internet Explorer and Microsoft Edge Security Feature Bypass Vulnerability

Microsoft Edge and Microsoft Internet Explorer (IE) are both products of Microsoft Corporation. Microsoft Edge is a web browser that comes with Windows 10 and later. Microsoft Internet Explorer is a web browser that comes with Windows operating systems. Microsoft Edge is a web browser that comes with...

CVSS 4.3 | AI score 6.5 | EPSS 0.05935
Exploits: 0 | References: 1