419 matches found
CVE-2024-46446
Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the deletion of arbitrary files or website takeover...
U.S. Dept Of Defense: Cross-Site Scripting (XSS) Vulnerability via parameter c0-id + Akamai Firewall Bypass
A Cross-Site Scripting XSS vulnerability was discovered on a specific website. The vulnerability was found in the POST method, allowing the injection of malicious scripts that could be executed. Exploitation of this vulnerability could have led to consequences such as cookie theft and session...
U.S. Dept Of Defense: Cross-Site Scripting (XSS) Vulnerability via POST Method + Akamai Firewall Bypass
A Cross-Site Scripting XSS vulnerability was discovered in the POST method on the target website. The vulnerability allowed the injection of malicious scripts that could be executed. A payload was provided to bypass the Akamai firewall. The vulnerability was reported and the affected products and...
PT-2024-31706 · Unknown · Whatsapp-Api-Js
Name of the Vulnerable Software and Affected Versions: whatsapp-api-js versions prior to 4.0.3
Description: The issue concerns Incorrect Access Control in the whatsapp-api-js framework, impacting anyone using the post or verifyRequestSignature methods to handle messages. It is possible to check t...
CVE-2024-21832
A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body...
CVE-2024-21832 PingFederate REST API Data Store Injection
A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body...
CVE-2024-21832
CVE-2024-21832 concerns PingFederate with a potential JSON injection vector in REST API data stores via POST requests carrying a JSON body. Metrics indicate low base score (3.5), network access, high attack complexity, and scope changes with partial integrity impact. No explicit remediation or ex...
CVE-2023-3288
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user provider in the system. This results in privilege escalation...
Ping Identity PingFederate Security Vulnerability
Ping Identity PingFederate is a flagship software-based federation server in the United States. It is used for identity management. A security vulnerability exists in Ping Identity PingFederate versions prior to 12.0.1 that stems from the presence of a potential JSON injection attack vector using...
RHEL 6 : openstack-glance (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- openstack-glance: API v1 copyfrom reveals network details (CVE-2017-7200)
- A vulnerability was found in...
CVE-2023-5118
The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text is not adequately sanitized and validated. This allows for the injection of malicious...
CVE-2023-5118
The CVE-2023-5118 issue affects Kofax Capture’s SaveAnnotation endpoint (/sofer/DocumentService.asc/SaveAnnotation), where POST parameters author and text were not properly sanitized, enabling Stored XSS. Core impact is Cross-Site Scripting due to insufficient input validation in the annotation-a...
CVE-2023-4594
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmindll.htm file...
EmbedPress < 3.9.2 - Reflected XSS
Description: The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open a page containing the HTML code below...
Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection
Description: The plugin unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. Run the below command in the developer console of the web browser while being on the blog...
Cross site scripting
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via the /registresult.htm POST method, in the Resume parameter. The XSS is loaded from /register.ghp...
CVE-2023-4497 Easy Chat Server XSS vulnerability
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via the /registresult.htm POST method, in the Icon parameter. The XSS is loaded from /users.ghp...
CVE-2023-4496 Easy Chat Server XSS vulnerability
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via the /body2.ghp POST method, in the mtowho parameter...