CVE-2023-39096
WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding...
WebBoss.io Cross-Site Scripting Vulnerability
WebBoss.io is a website building platform for professional designers and developers from WebBoss.io, Inc. A security vulnerability exists in WebBoss.io CMS version v3.7.0.1 that stems from a lack of input validation and output encoding...
Advisory ROSA-SA-2023-2203
Software: python 2.7.5; OS: rosa-server79; packageevrstring: python-2.7.5-93.res7; CVE-ID: CVE-2023-24329; BDU-ID: None; CVE-Crit: HIGH; CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...
The vulnerability of the Envoy proxy server stems from a lack of mechanisms for encoding or filtering output data, allowing attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Envoy proxy server is related to the lack of mechanisms for encoding or filtering output data. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
PT-2023-3904 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.27.0, Envoy versions prior to 1.26.4, Envoy versions prior to 1.25.9, Envoy versions prior to 1.24.10, Envoy versions prior to 1.23.12. Description: The issue is related to a lack of output encoding or escaping mechanism ...
Froxlor Command Execution Vulnerability
Froxlor is a set of lightweight server management software from the Froxlor team. A command execution vulnerability exists in versions prior to froxlor 2.0.21 that stems from an output encoding or escaping error. An attacker can exploit the vulnerability to cause command execution...
Input validation
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21...
Froxlor Security Vulnerability
Froxlor is a set of lightweight server management software from the Froxlor team. A command execution vulnerability exists in versions prior to froxlor 2.0.21 that stems from an output encoding or escaping error. An attacker can exploit the vulnerability to cause command execution...
GHSA-2CV5-QVQ3-6276 TeamPass vulnerable to Improper Encoding or Escaping of Output
TeamPass prior to 3.0.10 is vulnerable to cross-site scripting filter bypass in folder names. This can lead to information disclosure...
TeamPass vulnerable to Improper Encoding or Escaping of Output
TeamPass prior to 3.0.10 is vulnerable to cross-site scripting filter bypass in folder names. This can lead to information disclosure...
Stored XSS
Description: The application contains a stored XSS vulnerability, which allows an attacker to inject and execute malicious scripts within the application. The vulnerability occurs due to improper input validation and output encoding mechanisms, which fail to adequately sanitize and encode...
CVE-2023-28800 Output encoding missing in redrurl parameter
When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3190 Improper Encoding or Escaping of Output in nilsteampassnet/teampass
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
TeamPass Security Vulnerability
TeamPass is an open source password manager from the individual developer Nils Laumaillé. A security vulnerability exists in versions prior to TeamPass 3.0.9 that stems from improper encoding or escaping of output...
HTML Injection in Folder Name
Description: The folder name is not sanitized and, due to missing output encoding, HTML user input is rendered in the webpage during folder deletion. Proof of Concept: 1. Log in to Teampass as any user. 2. Go to Folders tab. 3. Create a new folder with HTML tag in the Label. Example: HTM...
CVE-2023-33194 CraftCMS stored XSS in Quick Post widget error message
Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in...
Pixel & tonic Craft CMS Cross-Site Scripting Vulnerability
Pixel & tonic Craft CMS is a content management system (CMS) from the US-based Pixel & tonic, Inc. A security vulnerability exists in Pixel & tonic Craft CMS that stems from not filtering input and encoding output in Quick Post validation error messages, which would allow the delivery of payloads with...
Music Gallery Site 1.0 SQL Injection Vulnerability
Music Gallery Site - SQL Injection on page musiclist.php and parameter cid is vulnerable, application url is ?page=musiclist&cid=?. Any remote attacker can access this page to exploit the vulnerability. CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari...