Lucene search

62 matches found

Prion
added 2023/12/05 12:15 a.m., 16 views

Design/Logic Flaw

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

CVSS: 5 | AI score: 7 | EPSS: 0.00723
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2023/12/04 11:42 p.m., 45 views

CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00723
Exploits: 1 | References: 2

Prion
added 2023/09/27 3:19 p.m., 18 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter...

CVSS: 4.9 | AI score: 5.2 | EPSS: 0.00451
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2023/09/27 12:00 a.m., 3 views

Blackcat Cms Cross-Site Scripting Vulnerability

Blackcat Cms is a Php-based content management system from the Blackcat team. A security vulnerability exists in Blackcat Cms version 1.4.1, which originates from a cross-site scripting XSS vulnerability in /settings/index.php that allows an attacker to inject a crafted payload via the site heade...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00451
Exploits: 1 | References: 2

Vulnrichment
added 2023/09/26 12:00 a.m., 12 views

CVE-2023-44042

A stored cross-site scripting XSS vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter...

AI score: 5.5 | EPSS: 0.00451
Exploits: 1 | References: 1

CNNVD
added 2023/09/07 12:00 a.m., 5 views

REDCap Cross-Site Scripting Vulnerability

REDCap is a data collection and management web application. A security vulnerability exists in Vanderbilt REDCap version 13.1.35. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the item header parameter...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00452
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 4:05 a.m., 1 view

SUSE CVE-2019-20379

ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php cs parameter...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00794
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 4:01 a.m., 3 views

SUSE CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.04349
Exploits: 1 | References: 5

CNNVD
added 2022/09/28 12:00 a.m., 3 views

glFusion CMS Cross-Site Scripting Vulnerability

glFusion CMS is a content management and publishing system. A cross-site scripting vulnerability exists in glFusion CMS version v1.7.9, which stems from being affected by reflective cross-site scripting XSS. The value of a header request parameter is copied into the value of an HTML markup...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00658
Exploits: 1 | References: 3

OSV
added 2022/09/07 10:15 p.m., 0 views

UBUNTU-CVE-2022-36083

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.0108
Exploits: 1 | References: 4

OSV
added 2022/03/12 11:03 a.m., 5 views

OESA-2022-1568 ganglia security update

Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format. Security Fixes: ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter. CVE-2019-20378 ganglia-web a...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.01014
Exploits: 2 | References: 3

CNVD
added 2020/01/13 12:00 a.m., 2 views

Ganglia-web Cross-Site Scripting Vulnerability

Ganglia is an extensible real-time monitoring and execution environment where all execution requests and statistics are represented in an open and well-defined XML format. ganglia-web ganglia web front-end provides access to the data collected by the monitoring core. A cross-site scripting...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00794
Exploits: 1 | References: 1

CNVD
added 2020/01/13 12:00 a.m., 2 views

Ganglia-web cross-site scripting vulnerability (CNVD-2020-14693)

Ganglia is an extensible real-time monitoring and execution environment where all execution requests and statistics are represented in an open and well-defined XML format. ganglia-web ganglia web front-end provides access to the data collected by the monitoring core. A cross-site scripting...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.01014
Exploits: 1 | References: 1

OSV
added 2020/01/11 3:15 a.m., 4 views

DEBIAN-CVE-2019-20378

ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.01014
Exploits: 1 | References: 1

seebug.org
added 2014/07/01 12:00 a.m., 13 views

D-Forum 1 header Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/6879/info D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. Under some...

AI score: 7.1
Exploits: 0

Packet Storm
added 2009/05/27 12:00 a.m., 18 views

Vanilla 1.1.7 Cross Site Scripting

Author: Gerendi Sandor Attila Original advisory: http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html Date: May 14, 2009 Package: Vanilla 1.1.7 Product Homepage: http://getvanilla.com/ Versions Affected: v.1.1.7, 1.1.5 Other versions may also be affected Severity: Medium Inpu...

Exploits: 0

Packet Storm
added 2009/05/08 12:00 a.m., 17 views

Claroline 1.8.11 Cross Site Scripting

Author: Gerendi Sandor Attila Original Advisory: http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html Date: May 05, 2009 Package: Claroline 1.8.11 Product Homepage: http://www.claroline.net/ Versions Affected: v.1.8.11 Other versions may also be affected Severity: Medium...

AI score: 7.4
Exploits: 0

Prion
added 2009/01/26 8:30 p.m., 16 views

Code injection

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.06282
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2009/01/26 8:00 p.m., 34 views

CVE-2009-0275

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance...

AI score: 6.6 | EPSS: 0.04652
Exploits: 1 | References: 2

NVD
added 2007/03/23 9:19 p.m., 21 views

CVE-2007-1631

PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use...

CVSS: 10 | AI score: 7.5 | EPSS: 0.02174
Exploits: 0 | References: 4