7656 matches found
CVE-2021-31373
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web...
CVE-2021-31355
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a...
Cross site scripting
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a...
PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities
Document Title: PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2290 Bulletin: https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ Release Date:...
Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability
Document Title: Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2302 Release Date: 2021-10-18. Vulnerability Laboratory ID (VL-ID):...
BMW Online (Mail) - Persistent Web Vulnerability
Document Title: BMW Online (Mail) - Persistent Web Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2262 Vulnerability Magazine:...
Simplephpscripts Simple CMS v2.1 - XSS Web Vulnerability
Document Title: Simplephpscripts Simple CMS v2.1 - XSS Web Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2301 Release Date: 2021-10-17. Vulnerability Laboratory ID (VL-ID):...
Sonicwall SonicOS 6.5.4 - Cross Site Web Vulnerability
Document Title: Sonicwall SonicOS 6.5.4 - Cross Site Web Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2272 Release Date: 2021-10-17. Vulnerability Laboratory ID (VL-ID): 22...
Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
✍️ Description The persistent or stored XSS vulnerability is a more devastating variant of a cross-site scripting flaw, it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular...
in forkcms/forkcms
Description: Insufficient session expiration even after a credential such as the password of the account is updated. Proof of Concept: Open the same account in multiple browsers. Change the password in one browser. Reload the other one. As a result we can see the account on the other browser is not...
Security Bulletin: Vulnerability in WebSphere Commerce related to persistent sessions and personalization IDs. (CVE-2012-3300)
Security Bulletin: Vulnerability in WebSphere Commerce related to persistent sessions and personalization IDs (CVE-2012-3300). Flash Alert. Abstract: WebSphere Commerce contains a security vulnerability related to its use of persistent sessions a...
CVE-2021-41136
Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using Puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a...
CVE-2021-41136
Summary: CVE-2021-41136 affects Puma HTTP/1.1 server for Ruby/Rack. When used with a proxy that forwards HTTP header values containing LF, an attacker could smuggle a request through the proxy, potentially causing the proxy to send a response to a different client. This behavior has been observed...
Moderate: Red Hat Security Advisory: OpenShift Container Storage 3.11.z Container Images Security and Bug Fix Update
Updated container images that fix various bugs are now available for Red Hat OpenShift Container Storage 3.11 Update 8 in the Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,...
CVE-2021-39866
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens...
UBUNTU-CVE-2021-39866
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens...
CVE-2021-39866
Removed by vendor...