Lucene search
K

38 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.8 views

CVE-2026-43644

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

6.1CVSS5.3AI score0.00195EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/05/16 2:19 a.m.81 views

Exploit for Unrestricted Upload of File with Dangerous Type in Stefanprodan Podinfo

CVE-2025-70849: Stored XSS in Podinfo Summary A security v...

6.1CVSS7.5AI score0.00244EPSS
Exploits4
OSV
OSV
added 2026/05/14 3:31 p.m.5 views

GHSA-Q23M-VM9R-5745 podinfo: cross-site scripting vulnerability in the /echo and /api/echo endpoints

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

5.4CVSS5.7AI score0.00195EPSS
Exploits2References8
Github Security Blog
Github Security Blog
added 2026/05/14 3:31 p.m.9 views

podinfo: cross-site scripting vulnerability in the /echo and /api/echo endpoints

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

6.1CVSS5.7AI score0.00195EPSS
Exploits2References8Affected Software1
NVD
NVD
added 2026/05/14 1:16 p.m.13 views

CVE-2026-43644

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

6.1CVSS0.00195EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 12:37 p.m.8 views

CVE-2026-43644

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

5.4CVSS5.7AI score0.00195EPSS
Exploits2References4
EUVD
EUVD
added 2026/05/14 12:37 p.m.10 views

EUVD-2026-30275

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

5.4CVSS5.7AI score0.00195EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/05/14 12:37 p.m.8 views

CVE-2026-43644 podinfo 6.11.2 Reflected XSS via /echo Endpoint

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

5.4CVSS5.7AI score0.00195EPSS
Exploits2References3
CVE
CVE
added 2026/05/14 12:37 p.m.16 views

CVE-2026-43644

CVE-2026-43644 affects podinfo up to version 6.11.2. The vulnerability is a reflected XSS in the /echo and /api/echo endpoints, caused by the echoHandler writing the request body to the response without setting explicit Content-Type or X-Content-Type-Options headers. Go’s content-type detection m...

6.1CVSS5.7AI score0.00195EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/05/14 12:37 p.m.40 views

CVE-2026-43644 podinfo 6.11.2 Reflected XSS via /echo Endpoint

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

5.4CVSS0.00195EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.14 views

PT-2026-40911

Name of the Vulnerable Software and Affected Versions podinfo versions prior to 6.11.3 Description A reflected cross-site scripting issue exists in the '/echo' and '/api/echo' endpoints. The echoHandler function writes request body content directly to the response without setting explicit...

6.1CVSS5.7AI score0.00195EPSS
Exploits2References13
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

podinfo 跨站脚本漏洞

Podinfo is a Kubernetes microservice template developed by Stefan Prodan. Versions of Podinfo 6.11.2 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the echoHandler did not set a clear Content-Type or X-Content-Type-Options header on the...

6.1CVSS5.8AI score0.00195EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/05/13 10:53 p.m.45 views

Security-Advisories

Security Advisories Public security advisories and proof-of-c...

5.4CVSS5.8AI score0.00195EPSS
Exploits2
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.7 views

CVE-2026-33810 vulnerabilities

Vulnerabilities for packages: k8s-metacollector-fips, kubewatch, dkron, cilium-certgen-fips, sealed-secrets-fips, pluto, flux-image-reflector-controller, mariadb-operator, flux-operator, flux-source-controller-fips, temporal, mountpoint-s3-csi-driver, flux-image-automation-controller,...

8.8CVSS7.1AI score0.0034EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.5 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: k8s-metacollector-fips, kubewatch, dkron, cilium-certgen-fips, sealed-secrets-fips, pluto, flux-image-reflector-controller, mariadb-operator, flux-operator, flux-source-controller-fips, temporal, mountpoint-s3-csi-driver, flux-image-automation-controller,...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.7 views

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: mc, gpu-operator-fips, mariadb-operator, cerbos, nsc-fips, supercronic, minc-fips, prometheus-beat-exporter-fips, cni-plugins-fips, nri-mssql-fips, gitlab-workhorse-ce, azure-service-operator, minio-fips, consul-fips, terraform-provider-pagerduty-fips,...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.11 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: k8s-metacollector-fips, nri-haproxy, logstash-exporter-fips, beats-fips, sonobuoy, argo-events-fips, mc, neuvector-fips, aws-sigv4-proxy, prometheus-operator-fips, gpu-operator-fips, gatekeeper, chart-testing-fips, cis-operator, grafana, mariadb-operator,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/02/07 12:27 a.m.6 views

SUSE CVE-2025-70849

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

6.1CVSS5.5AI score0.00244EPSS
Exploits4References3
OSV
OSV
added 2026/02/05 3:20 a.m.8 views

GO-2026-4404 Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS) in github.com/stefanprodan/podinfo

Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting XSS in github.com/stefanprodan/podinfo...

6.1CVSS5.3AI score0.00244EPSS
Exploits4References3
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.7 views

CVE-2025-70849

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

6.1CVSS5.5AI score0.00244EPSS
Exploits4References1
Rows per page
Query Builder