47 matches found
CVE-2024-8644 Cleartext Storage of Sensitive Information in Oceanic Software's ValeApp
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0...
CVE-2021-47157
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling...
CVE-2021-47157
The CVE-2021-47157 entry affects the Kossy Perl module before 0.60. The root cause is mishandling of the X-Requested-With header, enabling JSON hijacking and compromising confidentiality, integrity, and availability (CVSS v3.1: 9.8, critical; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected softwar...
PT-2024-11205 · Kossy · Kossy
Name of the Vulnerable Software and Affected Versions: Kossy module versions prior to 0.60. Description: The issue allows JSON hijacking due to mishandling of the X-Requested-With header. This can be exploited because of improper handling in the Kossy module for Perl. Recommendations: For versions...
Spree allows remote attackers to obtain sensitive information
Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3)...
Security Bulletin: Multiple vulnerabilities in certain services of IBM Rational Software Architect Design Manager
Summary: A number of services in Rational Software Architect Design Manager were not sanitizing user input properly, thus potentially allowing cross-site scripting, JSON hijacking, and HTML injection attacks. Vulnerability Details: CVEID: CVE-2015-7485. DESCRIPTION: IBM Jazz technology based products...
Security Bulletin: Multiple vulnerabilities affect Rational Rhapsody Design Manager with potential for security attacks
Summary: IBM Rhapsody Design Manager is affected by multiple vulnerabilities with potential for evil file upload, cross-site scripting, HTML injection, JSON Hijacking and XML entity expansion. Vulnerability Details: CVEID: CVE-2016-8973. DESCRIPTION: IBM Rhapsody DM contains an undisclosed...
Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for JSON Hijacking Attack (CVE-2013-3041)
Summary: A JSON Hijacking Attack vulnerability exists in IBM Rational ClearQuest Web Client. Vulnerability Details: CVE ID:...
CVE-2016-9697
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference: 1999960...
Code injection
An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference: 1999960...
CVE-2016-9697
CVE-2016-9697 is an IBM Rhapsody DM vulnerability described as enabling a JSON Hijacking attack. Public records in connected docs confirm the issue affects Rational Software Architect Design Manager 4.0.0–6.0.2 and is tied to JSON hijacking exposure between server and browser. The NVD entry list...
IBM Rational ClearQuest 7.1.x < 7.1.2.12 / 8.0.0.x < 8.0.0.8 / 8.0.1.x < 8.0.1.1 Multiple Vulnerabilities (credentialed check)
The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.12 / 8.0.0.x prior to 8.0.0.8 / 8.0.1.x prior to 8.0.1.1 installed. It is, therefore, potentially affected by multiple vulnerabilities: - An unspecified cross-site request forgery (CSRF) vulnerability exists. CVE-2013-05...
CVE-2013-3041
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."...
Information disclosure
The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."...