215 matches found

CNNVD
added 2023/10/22 12:00 a.m. · 4 views

Django Grappelli Input Validation Error Vulnerability

Django is the Django Foundation's open source Web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in django-grappelli Django Grappelli prior to version 2.15.2, whi...

CVSS 6.1 · AI score 6.7 · EPSS 0.0047
Exploits: 1 · References: 5
CVE
added 2023/10/22 12:00 a.m. · 89 views

CVE-2021-46898

CVE-2021-46898 – django-grappelli protocol-relative URL redirect issue Affected component: views/switch.py in django-grappelli (also known as Django Grappelli) prior to version 2.15.2. The vulnerability arises from an approach that attempts to block external redirects using a startswith("/") chec...

CVSS 6.1 · AI score 6 · EPSS 0.0047
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2023/10/16 9:15 a.m. · 3 views

CVE-2023-38059

The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; OTRS Community Edition: from 6.0.X through...

CVSS 5.3 · AI score 5.8 · EPSS 0.00459
Exploits: 0 · References: 1
UbuntuCve
added 2023/10/16 9:15 a.m. · 17 views

CVE-2023-38059

The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; OTRS Community Edition: from 6.0.X through...

CVSS 5.3 · AI score 5.9 · EPSS 0.00459
Exploits: 0 · References: 2
Prion
added 2023/10/16 9:15 a.m. · 21 views

Code injection

The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; OTRS Community Edition: from 6.0.X through...

CVSS 5 · AI score 5.2 · EPSS 0.00459
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/10/16 9:15 a.m. · 1 view

UBUNTU-CVE-2023-38059

The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; OTRS Community Edition: from 6.0.X through...

CVSS 5.3 · AI score 5.8 · EPSS 0.00459
Exploits: 0 · References: 3
Vulnrichment
added 2023/10/16 8:10 a.m. · 13 views

CVE-2023-38059 External pictures can be loaded even if not allowed by configuration

The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; OTRS Community Edition: from 6.0.X through...

CVSS 5.3 · AI score 6.8 · EPSS 0.00459
Exploits: 0 · References: 1
Positive Technologies
added 2023/10/16 12:00 a.m. · 1 view

PT-2023-26270 · Otrs +2 · Otrs +2

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46; OTRS versions 8.0.X through 8.0.36; OTRS Community Edition versions 6.0.X through 6.0.34. Description: The issue allows the loading of external images even when configured to block them, by using...

CVSS 9.8 · AI score 4.9 · EPSS 0.01273
Exploits: 0 · References: 29
SUSE CVE
added 2023/02/15 5:37 a.m. · 2 views

SUSE CVE-2013-2920

The DoResolveRelativeHost function in url/urlcanonrelative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/...

CVSS 5 · AI score 8.7 · EPSS 0.01461
Exploits: 0 · References: 5
Hacker One
added 2022/08/09 1:51 p.m. · 83 views

Internet Bug Bounty: [CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname

GHSA: https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3 · Report: https://hackerone.com/reports/1642017 · Impact: SSRF...

CVSS 7.5 · AI score 8.9 · EPSS 0.01388
Exploits: 1
Hacker One
added 2019/07/11 4:36 p.m. · 49 views

curl: Active Mixed Content over HTTPS

Summary: Resources Loaded from Insecure Origin (HTTP). Steps To Reproduce: Vulnerability Details: detected that active content is loaded over HTTP within an HTTPS page. Remedy: There are two technologies to defend against mixed content issues: HTTP Strict Transport Security (HSTS) is a mechanism tha...

AI score 6.8
Exploits: 0
Veracode
added 2019/01/15 9:25 a.m. · 39 views

Open Redirection

tomcat-catalina is vulnerable to open redirection. The vulnerability is possible because the library creates a protocol-relative redirect in the default servlet when generating a redirect to a directory, allowing an attack through any malicious URL...

CVSS 4.3 · AI score 5.1 · EPSS 0.94494
Exploits: 3 · References: 66 · Affected Software: 7
Veracode
added 2018/10/04 9:06 a.m. · 37 views

Open Redirection

tomcat-catalina is vulnerable to open redirection. The vulnerability is possible because the library creates a protocol-relative redirect in the default servlet when generating a redirect to a directory, allowing an attack through any malicious URL...

CVSS 4.3 · AI score 5.1 · EPSS 0.94494
Exploits: 3 · References: 59 · Affected Software: 2
Hacker One
added 2016/03/16 2:03 p.m. · 15 views

Informatica: [marketplace.informatica.com] Open Redirect

marketplace.informatica.com contains an open redirect due to a flawed URL rewrite rule. All requests containing a single quote (') are met with a 302 redirect to the same URL minus the single quote. As the Location header uses a protocol-relative URL, this can be abused to redirect people to...

AI score 7.1
Exploits: 0
Prion
added 2013/10/02 10:35 a.m. · 20 views

Out-of-bounds

The DoResolveRelativeHost function in url/urlcanonrelative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/...

CVSS 5 · AI score 6.5 · EPSS 0.01461
Exploits: 0 · References: 8 · Affected Software: 1