Lucene search
K

50 matches found

Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.3 views

PT-2024-15139 · Easyazon · Easyazon

Name of the Vulnerable Software and Affected Versions: EasyAzon – Amazon Associates Affiliate Plugin versions up to, and including, 5.1.0 Description: The issue is related to Reflected Cross-Site Scripting via the easyazon-cloaking-locale parameter due to insufficient input sanitization and outpu...

6.1CVSS6.5AI score0.00317EPSS
Exploits0References8
OSV
OSV
added 2024/03/06 10:52 a.m.25 views

BIT-DJANGO-2022-41323

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS7.3AI score0.0272EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2023/06/30 12:0 a.m.6 views

The vulnerability of the microprogramming software of the TP-Link TL-WPA7510 network adapter lies in the ability to write data beyond the buffer in memory, allowing a hacker to execute arbitrary commands.

The vulnerability of the TP-Link TL-WPA7510 network adapter’s microprogramming software lies in the ability to write data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the /admin/locale parameter...

10CVSS8.4AI score0.00928EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.1 views

SUSE CVE-2022-41323

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS6.8AI score0.0272EPSS
Exploits0References6
OSV
OSV
added 2022/10/16 12:0 p.m.2 views

GHSA-QRW5-5H28-6CMG Django denial-of-service vulnerability in internationalized URLs

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

8.7CVSS6.8AI score0.0272EPSS
Exploits0References15
Github Security Blog
Github Security Blog
added 2022/10/16 12:0 p.m.28 views

Django denial-of-service vulnerability in internationalized URLs

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS7.4AI score0.0272EPSS
Exploits0References15Affected Software1
OSV
OSV
added 2022/10/16 6:15 a.m.4 views

PYSEC-2022-304

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS6.8AI score0.0272EPSS
Exploits0References5
PyPA
PyPA
added 2022/10/16 6:15 a.m.6 views

PYSEC-2022-304

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS6.8AI score0.0272EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/16 12:0 a.m.3 views

CVE-2022-41323

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.4AI score0.0272EPSS
Exploits0References10
OSV
OSV
added 2022/10/16 12:0 a.m.33 views

CVE-2022-41323

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS7.4AI score0.0272EPSS
Exploits0References12
Cvelist
Cvelist
added 2022/10/16 12:0 a.m.32 views

CVE-2022-41323

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.6AI score0.0272EPSS
Exploits0References10
AlpineLinux
AlpineLinux
added 2022/10/16 12:0 a.m.36 views

CVE-2022-41323

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS7.5AI score0.0272EPSS
Exploits0
OSV
OSV
added 2022/10/04 8:0 a.m.1 views

UBUNTU-CVE-2022-41323

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS6.8AI score0.0272EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/10/04 12:0 a.m.6 views

PT-2022-7213

Name of the Vulnerable Software and Affected Versions Django versions 3.2 through 3.2.15 Django versions 4.0 through 4.0.7 Django versions 4.1 through 4.1.1 Description The issue is related to insufficient processing of regular expressions in internationalized URLs, which can be exploited to caus...

8.7CVSS6.7AI score0.0272EPSS
Exploits0References154
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.3 views

SITA Software Azur CMS 跨站脚本漏洞

SITA Software Azur CMS is a web CMS. A cross-site scripting vulnerability exists in SITA Software Azur CMS 1.2.3.1 and prior versions, which stems from the software's lack of effective validation and filtering of parameters. This allows a remote attacker to pass 1 NOMCLI, 2 ADRESSE, 3 ADRESSE2, 4...

5.4CVSS5.5AI score0.00808EPSS
Exploits1References2
OSV
OSV
added 2017/04/13 2:59 p.m.6 views

CVE-2016-1915

Multiple cross-site scripting XSS vulnerabilities in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to 1 mydevice/index.jsp or 2 mydevice/loggedOut.jsp...

6.1CVSS5.8AI score0.0395EPSS
Exploits5References5
Cvelist
Cvelist
added 2017/04/13 2:0 p.m.19 views

CVE-2016-1915

Multiple cross-site scripting XSS vulnerabilities in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to 1 mydevice/index.jsp or 2 mydevice/loggedOut.jsp...

7AI score0.0395EPSS
Exploits5References5
seebug.org
seebug.org
added 2017/02/24 12:0 a.m.15 views

HotelCMS with Booking Engine - SQL injection vulnerability

http://localhost/PATH/locale? locale=SQL the locale parameter there is sql injection Wherein the error injection as follows: payload: http://localhost/PATH/locale? locale=1' AND SELECT 3507 FROMSELECT COUNT,CONCATFLOORRAND02,md5233x FROM INFORMATIONSCHEMA. The PLUGINS GROUP BY xa-- Lilt Test...

7.4AI score
Exploits0
CNVD
CNVD
added 2016/04/22 12:0 a.m.5 views

BlackBerry Enterprise Service Cross-Site Scripting Vulnerability (CNVD-2016-02632)

BlackBerry Enterprise Service BES is a next-generation mobile device management platform from BlackBerry Canada. A cross-site scripting vulnerability exists in the index.jsp/loggedOut.jsp file in BES version 12.3.1, which can be exploited by a remote attacker to affect confidentiality, integrity...

6.1CVSS6.2AI score0.0395EPSS
Exploits5References1
Prion
Prion
added 2016/04/13 3:59 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 Locale or 2 FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm...

4.3CVSS6.1AI score0.01535EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder