69 matches found
CVE-2025-6967
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass. This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but...
PT-2026-7263
Name of the Vulnerable Software and Affected Versions: Sarman Soft CMS versions through 10022026 Description: The software contains an Execution After Redirect (EAR) issue that allows for JSON Hijacking, also known as JavaScript Hijacking, and Authentication Bypass. This flaw occurs due to improper...
EUVD-2007-2371
Malware in sbrugna...
EUVD-2007-2380
Malware in sbrugna...
EUVD-2007-2376
Malware in sbrugna...
EUVD-2007-2379
Malware in sbrugna...
EUVD-2007-2377
Malware in sbrugna...
EUVD-2007-2372
Malware in sbrugna...
EUVD-2007-2373
Malware in sbrugna...
EUVD-2007-2374
Malware in sbrugna...
EUVD-2007-2378
Malware in sbrugna...
Security Bulletin: A vulnerability exists in Google Web Toolkit (GWT) framework used by ITNM (CVE-2007-2378)
Summary: Vulnerability CVE-2007-2378 found in gwt-maps that is present in IBM Tivoli Network Manager (ITNM) IP Edition. The fix contains the removal of this library from ITNM. Vulnerability Details: CVEID: CVE-2007-2378 DESCRIPTION: The Google Web Toolkit (GWT) framework exchanges data using JavaScript...
K000150406: jQuery vulnerability CVE-2007-2379
Security Advisory Description: The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
CVE-2024-8644
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0...
CVE-2024-8644
ValeApp (Oceanic Software) is affected by a vulnerability described as cleartext storage of sensitive information in a cookie that allows protocol manipulation / JSON hijacking. The issue impacts ValeApp versions prior to 2.0.0. Likely impact is exposure of sensitive data via cookies and potentia...
PT-2024-39149 · Oceanic · Valeapp
Name of the Vulnerable Software and Affected Versions: ValeApp versions prior to 2.0.0 Description: The issue affects Oceanic Software ValeApp, allowing protocol manipulation through JSON Hijacking, also known as JavaScript Hijacking, due to cleartext storage of sensitive information in a cookie...
CVE-2021-22676
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA...
CVE-2007-2383
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
TomatoCart 1.x | Cross Site Request Forgery Protection Bypass via JavaScript Hijacking
1. OVERVIEW TomatoCart 1.x versions are vulnerable to Cross Site Request Forgery Protection Bypass. 2. BACKGROUND TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It is forked from osCommerce 3 as a separate project and is released under...