5 matches found
CVE-2020-2173
Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content...
CVE-2025-46655
CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted...
Glassdoor: Cross-Site Leakage of Review Ownership via Navigation Detection
A vulnerability allowed detection of a user's login status by exploiting differences in Cross-Origin-Opener-Policy (COOP) headers between authenticated and unauthenticated states on the website; a cross-origin attacker page could open the site in a popup and observe whether the opener relationship was severed. The issue was addressed by implementing consistent COOP headers across all domains...
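To make the mechanism behind this entry concrete, the following is an added example written for this page, not code from the Glassdoor report or from Glassdoor. It models an assumed vulnerable pattern (COOP emitted only on authenticated responses) beside the fixed pattern (COOP emitted unconditionally), and shows the observable an attacker page uses: when the opened document's COOP forces a browsing-context-group switch, the opener's WindowProxy is disconnected and `popup.closed` reads `true` even though the popup is still open. The header-policy functions and the 1500 ms settle time are assumptions for illustration.

```javascript
// Added example, not code from the Glassdoor report. Models a COOP-based
// login-state oracle (XS-Leak) and the fix of sending COOP unconditionally.

// Normalise a COOP header value to its policy token (drops report-to etc.).
function coopPolicy(headers) {
  const raw = headers['Cross-Origin-Opener-Policy'] || headers['cross-origin-opener-policy'];
  return raw ? raw.split(';')[0].trim().toLowerCase() : 'unsafe-none';
}

// From a cross-origin opener that has no COOP of its own, opening a document
// whose COOP is "same-origin" or "same-origin-allow-popups" places the popup in
// a new browsing context group: the opener's WindowProxy is disconnected and
// popup.closed reads true although the window is still open.
function openerSevered(headers) {
  const policy = coopPolicy(headers);
  return policy === 'same-origin' || policy === 'same-origin-allow-popups';
}

// Assumed vulnerable pattern: COOP added only once the user is authenticated.
function vulnerableHeaders(isAuthenticated) {
  const h = { 'Content-Type': 'text/html; charset=utf-8' };
  if (isAuthenticated) h['Cross-Origin-Opener-Policy'] = 'same-origin';
  return h;
}

// Fixed pattern: the same COOP on every response, logged in or not.
function fixedHeaders(_isAuthenticated) {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Cross-Origin-Opener-Policy': 'same-origin',
  };
}

// An attacker page can distinguish the two states iff the observable
// (popup.closed after navigation) differs between them.
function leaksLoginState(headersFor) {
  return openerSevered(headersFor(true)) !== openerSevered(headersFor(false));
}

// Browser-side probe, to be run from the attacker's origin (not under Node):
// open the target and read popup.closed once the navigation has settled.
// A popup normally requires a user gesture, so wire this to a click handler.
function probeLoginState(targetUrl, settleMs = 1500) {
  return new Promise((resolve) => {
    const popup = window.open(targetUrl, '_blank', 'width=1,height=1');
    setTimeout(() => resolve({ coopSevered: popup.closed }), settleMs);
  });
}

console.log('vulnerable policy leaks login state:', leaksLoginState(vulnerableHeaders));
console.log('fixed policy leaks login state:', leaksLoginState(fixedHeaders));
```

A quick server-side check for this class of bug is to request the same URL once with a valid session cookie and once without, and diff the `Cross-Origin-Opener-Policy` value (and any other response header) between the two; any header that is present only in one state is a candidate oracle, whether or not the page content itself is cross-origin readable.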
CVE-2023-38125
Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The...
PT-2023-4656 · Softing · Softing Edgeaggregator
Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator (affected versions not specified). Description: The issue is related to the lack of protection for the web page structure in Softing edgeAggregator, allowing remote attackers to execute arbitrary code with root privileges...