1085 matches found

CNVD · added 2021/08/17 12:00 a.m. · 19 views

Dell EMC PowerScale OneFS Information Disclosure Vulnerability

Dell EMC PowerScale OneFS, an API-driven file system, is vulnerable to information disclosure in versions 8.2.2 through 9.1.0. The vulnerability stems from the product's use of a GET request method with a sensitive query string. An attacker could exploit the vulnerability to...

CVSS 8.2 · AI score 3.5 · EPSS 0.00257
Exploits 0 · References 1
Prion · added 2021/08/10 5:15 p.m. · 15 views

Cross site scripting

CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In blcategireshelp.php, the 'categories' variable is assigned the content of the query string parameter 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into th...

CVSS 4.3 · AI score 5.9 · EPSS 0.00216
Exploits 0 · References 2 · Affected Software 1
NVD · added 2021/07/30 3:15 p.m. · 13 views

CVE-2020-26563

ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. There is also stored XSS if input to survey/admin/.do is accepted from untrusted users...

CVSS 6.1 · EPSS 0.00278
Exploits 2 · References 2
Prion · added 2021/07/30 3:15 p.m. · 10 views

Cross site scripting

ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. There is also stored XSS if input to survey/admin/.do is accepted from untrusted users...

CVSS 4.3 · AI score 5.9 · EPSS 0.00278
Exploits 2 · References 2 · Affected Software 1
Positive Technologies · added 2021/07/21 12:00 a.m. · 2 views

PT-2021-8205 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 version 1.5.1.3; DrayTek Vigor 3900 version 1.5.1.3; DrayTek Vigor 300B version 1.5.1.3. Description: A Remote Command Injection issue exists in the mainfunction.cgi script of the DrayTek Vigor web interface due to inadequate...

CVSS 10 · AI score 8.6 · EPSS 0.32082
Exploits 1 · References 6
Github Security Blog · added 2021/06/07 9:47 p.m. · 42 views

Reflected cross-site scripting issue in Datasette

Impact: The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as...

CVSS 7.2 · AI score 0.2 · EPSS 0.00594
Exploits 0 · References 8 · Affected Software 1
OSV · added 2021/05/27 12:15 p.m. · 1 view

ALPINE-CVE-2021-28652

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short que...

CVSS 4.9 · AI score 6.9 · EPSS 0.00642
Exploits 1 · References 1
CNVD · added 2021/05/21 12:00 a.m. · 6 views

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2021-37587)

FusionPBX is an open source enterprise IP-PBX interface management system based on FreeSWITCH. A cross-site scripting vulnerability exists in FusionPBX version 4.5.7. An attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the querystring variable in...

CVSS 6.1 · AI score 5.9 · EPSS 0.00328
Exploits 0 · References 1
CNNVD · added 2021/05/20 12:00 a.m. · 2 views

FusionPBX Cross-Site Scripting Vulnerability

FusionPBX is an open source enterprise IP-PBX interface management system based on FreeSWITCH. A cross-site scripting vulnerability exists in FusionPBX version 4.5.7. An attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the querystring variable in...

CVSS 6.1 · AI score 5.5 · EPSS 0.00328
Exploits 0 · References 2
RedHat Linux · added 2021/05/18 3:39 p.m. · 2 views

python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs through a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request...

CVSS 5.9 · AI score 6.8 · EPSS 0.003
Exploits 1 · References 5
CNNVD · added 2021/04/02 12:00 a.m. · 1 view

Lightmeter ControlCenter Security Vulnerability

Lightmeter ControlCenter is an open source application from Lightmeter: a monitoring and analysis system for Postfix mail servers. A security vulnerability exists in Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1, which stems from the fact that anyone who knows the URL of a publicly...

CVSS 6.5 · AI score 6.5 · EPSS 0.00207
Exploits 0 · References 2
OSV · added 2021/02/25 4:32 p.m. · 0 views

GHSA-PR5M-4W22-8483 NanoHTTPD Cross-site Scripting vulnerability

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...

CVSS 6.1 · AI score 5.9 · EPSS 0.00216
Exploits 0 · References 5
Prion · added 2021/02/23 8:15 a.m. · 11 views

Design/Logic Flaw

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...

CVSS 4.3 · AI score 6 · EPSS 0.00216
Exploits 0 · References 2 · Affected Software 1
CNNVD · added 2021/02/23 12:00 a.m. · 3 views

NanoHTTPD Cross-Site Scripting Vulnerability

NanoHTTPD is an application by the individual developer LordFokas. It provides a lightweight HTTP server designed for embedding in other applications. A cross-site scripting vulnerability exists in NanoHTTPD through 2.3.1, which stems from the GeneralHandler GET handler printing use...

CVSS 6.1 · AI score 6.2 · EPSS 0.00216
Exploits 0 · References 3
Talos · added 2021/01/26 12:00 a.m. · 109 views

Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability

Summary: A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Micrium uC-HTTP 3.01.00. Product URLs...

CVSS 8.6 · AI score 7.6 · EPSS 0.04904
Exploits 1
RedHat Linux · added 2021/01/25 4:32 p.m. · 0 views

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.8 · AI score 5.7 · EPSS 0.00182
Exploits 0 · References 4
RedHat Linux · added 2021/01/25 4:19 p.m. · 1 view

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.8 · AI score 5.7 · EPSS 0.00182
Exploits 0 · References 4
CNVD · added 2021/01/13 12:00 a.m. · 1 view

OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-02805)

OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.3 and earlier versions. The vulnerability can be exploited by an attacker to conduct a cross-site...

CVSS 6.1 · AI score 6.2 · EPSS 0.00174
Exploits 0 · References 1
NVD · added 2021/01/12 10:15 p.m. · 7 views

CVE-2021-23928

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...

CVSS 6.1 · AI score 6 · EPSS 0.00174
Exploits 0 · References 1
Prion · added 2021/01/12 10:15 p.m. · 10 views

Design/Logic Flaw

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...

CVSS 4.3 · AI score 6 · EPSS 0.00174
Exploits 0 · References 1 · Affected Software 1