CVE-2022-2880
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...
CVE-2022-2880
CVE-2022-2880 affects golang under the net/http/httputil ReverseProxy: requests forwarded may include raw/unparsable inbound query parameters, enabling query parameter smuggling if the proxy forwards such values. The issue is mitigated by the fix that sanitizes forwarded query parameters when the...
Cross-Site Scripting (XSS)
bodhi is vulnerable to cross-site scripting. The vulnerability exists in overrides.html and updates.html because the input from the query parameter is not auto-escaped and is reflected back, which allows an attacker to inject and execute arbitrary script...
HTTP Request Smuggling
Overview: std/net/http/httputil is a Go standard library package. Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including...
CVE-2021-42052
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter...
Facebook gets round tracking privacy measure by encrypting links
A form of individual tracking specific to your web browser is at the heart of a currently contested privacy battle, and one in which Facebook has just gained the upper hand. This type of tracking involves adding additional parameters to the URLs that you click on a daily basis. When you click one of...
PYSEC-2022-226
The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error message that is then rendered in the error.html template, using the flask.render_template functio...
CVE-2022-25303
The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error message that is then rendered in the error.html template, using the flask.render_template functio...
GHSA-M7PR-M4CX-6M22 Reflected XSS vulnerability in Jenkins Queue cleanup Plugin
A form validation HTTP endpoint in Queue cleanup Plugin 1.3 and earlier does not escape a query parameter displayed in an error message. This results in a reflected cross-site scripting (XSS) vulnerability. Queue cleanup Plugin 1.4 correctly escapes the query parameter...
GHSA-F8W9-66FP-3JGW Jenkins build-metrics Plugin reflected cross-site scripting vulnerability
Jenkins build-metrics Plugin does not properly escape the label query parameter, resulting in a reflected cross-site scripting vulnerability. As of publication of this advisory, there is no fix...
Jenkins Wall Display Plugin Cross-site Scripting vulnerability
Wall Display Master Project Plugin does not properly escape the customTheme query parameter, resulting in a reflected cross-site scripting vulnerability. As of publication of this advisory, there is no fix...
CVE-2022-30992
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 Linux, Windows before build 29240...
CVE-2022-30992
CVE-2022-30992 affects Acronis Cyber Protect 15 (Linux/Windows) before build 29240, with an input validation/open redirect vulnerability via a user-controlled query parameter. Root cause cited as input validation error; impact is open redirect. Connected sources (CNVD/CNNVD/NVD) confirm the affec...
ImpressCMS Cross-site scripting Vulnerability
A cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action...
GHSA-6C8C-F2W2-JVJR Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/helphead.jsp, (2) workplaceresource parameter to...
Subrion CMS CSRF Vulnerability
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing for example an attack against the query parameter to panel/database...
GHSA-RC94-7V55-WMG6 Subrion CMS CSRF Vulnerability
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing for example an attack against the query parameter to panel/database...