87 matches found
Piwigo Cross-Site Scripting Vulnerability (CNVD-2022-71118)
Piwigo is a set of Web-based open source image gallery software. Piwigo version 12.2.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data. An attacker could use this vulnerability to steal the webmaster's cookies to...
mysiteforme cross-site scripting vulnerability
Mysiteforme is a permission management system. mysiteforme suffers from a cross-site scripting vulnerability that stems from the lack of user-supplied data and output data validation filtering in the blog tagging function of the backend blog management. An attacker could exploit the vulnerability...
Gryphon Tower Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from a lack of user-supplied data and output data validation filtering in the url parameter of cgi-bin/luci/siteaccess/, which can be exploited to execute client-side JavaScript...
The vulnerability of the Moxa MXView network control software lies in its failure to eliminate special elements, allowing a violator to execute arbitrary code.
The vulnerability of the Moxa MXView network control software lies in the lack of measures taken to neutralize special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted reques...
WordPress 插件 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Wordpress Zoho CRM Lead Magnet plugin version 1.7.2.4, which...
The vulnerability of the SSH server on the Cisco IOS XR operating system allows a hacker to read and rewrite any files they choose.
The vulnerability of the SSH server on the Cisco IOS XR operating system is related to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote attacker to read and rewrite any files as desired...
PT-2021-4505 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.1 Description: The issue is related to the wp die function in WordPress, which can leak output data under certain conditions, including sensitive information like nonces. This leaked data can be used to perform...
The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center’s date center is related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. This allows a perpetrator to execute arbitrary code.
The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center are related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
The vulnerability of the HTTP request programming language Python method, related to the lack of mechanisms for encoding or shielding output data, allows attackers to gain access to confidential information and compromise its integrity.
The vulnerability of the HTTP request programming language Python method is related to the lack of mechanisms for encoding or encrypting output data. Exploiting this vulnerability allows an attacker to gain access to confidential data and compromise its integrity...
IOBit Advanced SystemCare 安全漏洞
Iobit IOBit Advanced SystemCare is a system management utility program from the British company IOBit Iobit. The program is mainly used for scanning, repairing and optimizing the system, among other things. A security vulnerability exists in IOBit Advanced SystemCare Ultimate, which stems from th...
The vulnerability of the Dovecot mail server arises from incorrect neutralization of special elements in the output data used by the incoming component, allowing attackers to expose user credentials.
The vulnerability of the Dovecot mail server is related to incorrect neutralization of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a remote attacker to expose user credentials...
The vulnerability of the IBM DB2 database management system lies in the insufficient cleaning of special elements in the output data used by the incoming component, which allows a hacker to trigger a service failure.
The vulnerability of the IBM DB2 database management system is related to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using specially created commands...
The vulnerability of Mutt and NeoMutt email clients stems from deficiencies in the process of neutralizing special characters in the output data used by the incoming component. This allows attackers to gain unauthorized access to protected information.
The vulnerability of Mutt and NeoMutt email clients is related to deficiencies in the process of neutralizing special elements in the output data used by the incoming component. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...
U.S. Dept Of Defense: Reflected XSS on https://██████
Description: Reflected XSS on https://███████ POC: https://███/████=https://████████████/%3C/script%3E%3Cscript%3Ealertorigin%3C/script%3E&██████ References ███████ Impact Unauthenticated Reflected XSS System Hosts ████████ Affected Products and Versions CVE Numbers Steps to Reproduce Step 1: Go ...
The vulnerability of the DhcpClient method in the Bluetooth Blueman manager arises from incorrect neutralization of special elements in the output data. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the DhcpClient method in the Bluetooth Blueman manager is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the WASSP discriver of the Wireshark network traffic analyzer allows a hacker to cause a service failure.
The vulnerability of the WASSP discriminator in the Wireshark network traffic analyzer is related to incorrect neutralization of special elements in the output data. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the software package that implements the Squid caching proxy server’s function relates to incorrect elimination of certain elements in the output data. This allows a hacker to compromise the integrity of the data.
The vulnerability of the software package that implements the Squid caching proxy server lies in the improper elimination of certain elements in the output data. Exploiting this vulnerability allows a remote attacker to compromise the integrity of the data...
The vulnerability of the jqMix method implementation in the dojox library (NPM package) allows an attacker to compromise data integrity.
The vulnerability of the jqMix method implementation in the dojox library NPM package is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow an attacker to compromise the integrity of the data...
The vulnerability of the Adobe Download Manager’s download manager, related to incorrect elimination of special elements in the output data used by the incoming component, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Download Manager’s download manager is related to the incorrect elimination of certain elements in the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...
The vulnerability in the implementation of the Strict Transport Security (HSTS) mechanism of the Mozilla Firefox browser allows a perpetrator to compromise the integrity of data.
The vulnerability of the Strict Transport Security HSTS mechanism implemented by Mozilla Firefox is related to incorrect elimination of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of the...