43 matches found
ASP Portal - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic content. An attacker may reportedly inje...
MyGuestBK - 'Add.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/7211/info It has been reported that MyGuestBK does not sufficiently filter user-supplied URI parameters on the MyGuestBK Information Server 'Add Entry' page. It may be possible for a remote attacker to create a malicious link containing script code that...
CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language
Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...