142 matches found
Design/Logic Flaw
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity who has access to the router admin panel to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.htmladvancedlocation aka the Device Location page...
CVE-2024-26468
A DOM-based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary JavaScript via sending a crafted URL...
MLDB Security Vulnerabilities
MLDB is a machine learning database from MLDB, Inc. A security vulnerability exists in MLDB version v.2017.04.17.0. A remote attacker could exploit the vulnerability to execute arbitrary code via a specially crafted payload to publichtml/doc/index.html...
Fedora 39 : python-pyramid (2023-70baf5e2fe)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-70baf5e2fe advisory. - Update to 2.0.2 - Fixes CVE-2023-40587 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Path Traversal
pyramid is vulnerable to Path Traversal. The vulnerability exists because static.py does not properly remove null-byte characters from the path element, which allows an attacker to gain access to index.html located exactly one directory above the location of the static view's file system path...
DEBIAN-CVE-2023-40587
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an index.html file that is located exactly one directory above the location of t...
"404 Not Found" Error When Accessing NetScaler Gateway index.html Page After NetScaler Upgrade
Following a NetScaler upgrade, attempting to access the Citrix Gateway index.html page results in a "404 Not Found" error...
CVE-2023-3800 EasyAdmin8 File Upload Module index.html unrestricted upload
A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack i...
httpd security update
2.4.6-98.0.3 - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34381850 - modsession: save one aprstrtok Orabug: 33338149CVE-2021-26690 2.4.6-98.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-97.7 - Resolves: 2177742 -...
CVE-2023-28444
angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...
CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...
Hummingbird < 3.4.2 - Unauthenticated Path Traversal
The plugin does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. This allows an attacker to: - Enumerate file system directories where the user who starts the web server process has write access. -...
Cross site request forgery (csrf)
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application...
O365-Doppelganger - A Quick Handy Script To Harvest Credentials Off Of A User During A Red Team And Get Execution Of A File From The User
O365-Doppelganger is NOT a replacement for hardcore phishing activities. There are several other tools which perform OAuth and OTA capture which is not the aim of O365-Doppelganger. O365-Doppelganger is a quick handy script to harvest credentials of a user during Red Teams. This repository is a...
CVE-2022-28074
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html/system/tools...
CVE-2022-28074
CVE-2022-28074 affects Halo-1.5.0 and is caused by a stored cross-site scripting (XSS) vulnerability reachable via the path admin\index.html#/system/tools. The connected documents confirm Halo-1.5.0 as the vulnerable product and identify XSS as the underlying issue, but do not provide detailed ex...
CVE-2022-27886
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter...
CVE-2022-27884
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter...
CVE-2022-27886
Maccms v10 contains a reflected XSS in /admin.php/admin/ulog/index.html via the wd parameter. The issue is reported across multiple sources (CVE-2022-27886) and is confirmed in Red Hat/CNVD/CVE listings, describing a JavaScript-injection style vulnerability that could be triggered by user-supplie...
CVE-2022-27884
CVE-2022-27884 affects Maccms v10 and is a reflected cross-site scripting (XSS) vulnerability in the admin interface, specifically in /admin.php/admin/plog/index.html via the wd parameter. The root cause is insufficient input validation/escaping of user-supplied data in that parameter, enabling i...