Lucene search
+L

115 matches found

cnnvd
cnnvd
added 2025/10/12 12:0 a.m.5 views

HCL Unica Platform 安全漏洞

HCL Unica Platform is a state-of-the-art enterprise automated marketing platform from HCL India. It handles routine marketing tasks and captures the most effective leads without the need for manual intervention. HCL Unica Platform suffers from a security vulnerability that stems from cookies not...

4.3CVSS6.7AI score0.00129EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-10647

Malware in sbrugna...

5.3CVSS6.4AI score0.01308EPSS
Exploits0References6
nvd
nvd
added 2025/09/29 7:15 p.m.7 views

CVE-2025-57424

A stored cross-site scripting XSS vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into their profile, which executes in the browser of any user viewing it, including administrators. Due to the absence of the...

7.3CVSS0.00249EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/09/23 12:0 a.m.6 views

PT-2025-39175

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An authenticated stored cross-site scripting XSS issue exists because of insufficient validation of user-provided input when uploading API documents within the Publisher portal. An...

4.8CVSS5.4AI score0.00173EPSS
Exploits0References9
nessus
nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-4639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker...

7.4CVSS7AI score0.01117EPSS
Exploits0References2
osv
osv
added 2024/12/12 9:31 a.m.3 views

GHSA-CXRX-Q234-M22M io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling

A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...

7.4CVSS6.4AI score0.00768EPSS
Exploits0References10
cvelist
cvelist
added 2024/11/15 3:27 p.m.21 views

CVE-2024-49764 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This...

4.8CVSS0.00381EPSS
Exploits1References2
cvelist
cvelist
added 2024/05/30 7:52 p.m.31 views

CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...

4.2CVSS4.5AI score0.00347EPSS
Exploits0References2
redhat
redhat
added 2024/05/08 2:17 p.m.2 views

undertow: Cookie Smuggling/Spoofing

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...

7.4CVSS5.8AI score0.01117EPSS
Exploits0References4
f5
f5
added 2023/02/21 7:45 p.m.106 views

K15273: Apache vulnerability CVE-2012-0053

Security Advisory Description protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long o...

4.3CVSS6.8AI score0.82756EPSS
Exploits4Affected Software13
susecve
susecve
added 2023/02/15 4:55 a.m.4 views

SUSE CVE-2016-9848

An issue was discovered in phpMyAdmin. phpinfo phpinfo.php shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

5.3CVSS6.8AI score0.01308EPSS
Exploits0References2
debiancve
debiancve
added 2022/12/22 12:0 a.m.57 views

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

6.1CVSS7.9AI score0.00575EPSS
Exploits0
redhat
redhat
added 2022/12/13 4:8 p.m.2 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
redhat
redhat
added 2022/11/21 12:58 p.m.4 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
redhat
redhat
added 2022/11/21 12:37 p.m.2 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
redhat
redhat
added 2022/11/21 12:35 p.m.5 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
redhat
redhat
added 2022/11/21 11:33 a.m.2 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
hackerone
hackerone
added 2022/09/13 3:19 a.m.30 views

Linktree: XSS in SocialIcon Link

XSS in SocialIcon Link There was no validation of the url provided for the SocialIcon Link , which allowed to include javascript uri . As the cookies were marked as httponly , I couldn't steal them directly via the xss so instead I found an endpoint which was leaking the accessToken used for...

0.3AI score
Exploits0
osv
osv
added 2022/05/24 10:0 p.m.1 views

GHSA-47WC-P5CP-W7PW Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...

4.3CVSS6.1AI score0.65753EPSS
Exploits0References4
zdt
zdt
added 2021/11/15 12:0 a.m.340 views

WordPress WPSchoolPress 2.1.16 Plugin - (Multiple) Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting XSS Exploit Author: Davide Taraschi Vendor Homepage: https://wpschoolpress.com/ Software Link: https://wpschoolpress.com/free-download/ Version: up to 2.1.17 non included Tested on: Ubuntu 20.04 over WordPress...

4.8CVSS5.7AI score0.02358EPSS
Exploits4
Rows per page
Query Builder