18 matches found
[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-6.fc43
This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...
CVE-2024-25875
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...
GHSA-PCM8-QQRP-W6QF Enhavo Cross-site Scripting vulnerability
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
Enhavo Cross-site Scripting vulnerability
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
Enhavo Cross-site Scripting vulnerability
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...
GHSA-C579-HHW5-CR3P Enhavo Cross-site Scripting vulnerability
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...
CVE-2024-25876
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
Cross site scripting
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
CVE-2024-25875
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...
PT-2024-21179 · Unknown · Enhavo Cms
Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the Header module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. This enables attackers to...
CVE-2024-25876
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
PT-2024-21180 · Unknown · Enhavo Cms
Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting XSS issue in the Header module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. Recommendations: For Enhavo CMS...
CVE-2024-25876
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
CVE-2024-25875
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...
CVE-2021-28543
A NULL pointer dereference issue was found in Varnish Cache through the 'header' module from the separate varnish-modules package. This flaw might allow for remote clients to cause Varnish to assert and restart, reducing overall availability and performance due to an increased number of cache...
Newsletter < 6.7.7 - Authenticated Stored Cross-Site Scripting
An Authenticated Stored Cross-Site Scripting XSS was discovered within the Company Info "Motto" field. When creating a new newsletter using an empty template with the header module, the XSS would execute. This was later fixed in version: 6.7.7 PoC...
perl-Net-DNS security issue
Header.pm in Net::DNS before 0.60, a Perl module, 1 generates predictable sequence IDs with a fixed increment and 2 can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...
DEBIAN-CVE-2007-3377
Header.pm in Net::DNS before 0.60, a Perl module, 1 generates predictable sequence IDs with a fixed increment and 2 can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...