PMB cross-site scripting vulnerability
PMB is a 100% free document management reference tool from the PMB Services team. A security vulnerability exists in PMB version v7.4.6, which was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter in /admin/convert/exportz3950.php...
PT-2023-19761 · Pmb · Pmb
Name of the Vulnerable Software and Affected Versions: PMB version 7.4.6. Description: A reflected cross-site scripting (XSS) issue was found in PMB via the query parameter at "/admin/convert/exportz3950.php". This allows for potential malicious script execution. Recommendations: For PMB version...
Security Bulletin: Multiple vulnerabilities in Golang Go affect IBM Decision Optimization in IBM Cloud Pak for Data
Summary: There are multiple vulnerabilities in Golang Go used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-27664. DESCRIPTION: Golang Go is vulnerable to a denial o...
SUSE CVE-2004-2492
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter...
SUSE CVE-2015-1159
Cross-site scripting (XSS) vulnerability in the cgiputs function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/...
SUSE CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-1385)
The remote host is missing an update for the Huawei EulerOS golang packages. (Greenbone AG, 2023; some text descriptions are excerpted from referenced sources and remain copyright of the respective rights holders. SPDX-License-Identifier: GPL-2.0-only.)...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to query parameter smuggling in Golang Go (CVE-2022-2880)
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to query parameter smuggling in Golang Go, due to the inclusion of unparseable parameters rejected by net/http in requests forwarded by ReverseProxy (CVE-2022-2880). The Golang Go component is included as part of...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration is vulnerable to multiple Go vulnerabilities
Summary: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration is vulnerable to multiple Go vulnerabilities with details below. Vulnerability Details: CVEID: CVE-2022-41715. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the compilation of regular expression...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to query parameter smuggling due to [CVE-2022-2880]
Summary: Some components of IBM App Connect Enterprise Certified Container operator and operands are implemented in Golang Go. These components may be vulnerable to query parameter smuggling. This bulletin provides patch information to address the reported vulnerability in Golang Go (CVE-2022-2880)...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-0446)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0446 advisory. golang 1.18.9-1 - Update to Go 1.18.9 - Add big-endian.patch - Increase GOTESTTIMEOUTSCALE due to a Brew issue - Add do-not-reuse-far-trampolines.patch...
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...
AlmaLinux 9 : go-toolset and golang (ALSA-2023:0328)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0328 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of...
Oracle Linux 9 : go-toolset and golang (ELSA-2023-0328)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0328 advisory. golang 1.18.9-1 - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz2144547 - Resolves:...
PT-2023-15095 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33. Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to reflected cross-site scripting (XSS) attacks. This can be achieved by injecting malicious input int...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1124)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amoun...
Security Bulletin: Operations Dashboard is vulnerable to multiple Go CVEs
Summary: Operations Dashboard is vulnerable to multiple Go CVEs with details below. Vulnerability Details: CVEID: CVE-2022-32149. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the golang.org/x/text/language package. By sending a specially-crafted...
w2wiki cross-site scripting vulnerability
w2wiki is a web-based wiki-like notepad developed by Steven Frank. A security vulnerability exists in w2wiki, which originates in the toHTML function of the index.php file of the component Markdown Handler, where the parameter query leads to cross-site scripting...
CVE-2021-4247
A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the...