Lucene search

847 matches found

OSV
added 2021/10/07 9:15 p.m., 0 views

CVE-2020-21865

ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha...

9.8 CVSS, 6.3 AI score
Exploits 0, References 1
OSV
added 2021/09/02 4:51 p.m., 14 views

GHSA-XQP8-W826-HH6X Parse Server crashes with query parameter

Impact Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. Patches Upgrade to Parse Server 4.10.3...

7.5 CVSS, 7.3 AI score, 0.0066 EPSS
Exploits 0, References 6
Cvelist
added 2021/09/02 3:35 p.m., 12 views

CVE-2021-39187 Crash server with query parameter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...

7.5 CVSS, 7.7 AI score, 0.0066 EPSS
Exploits 0, References 4
NVD
added 2021/08/31 5:15 p.m., 20 views

CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

3.5 CVSS, 0.00271 EPSS
Exploits 0, References 5
OSV
added 2021/08/31 5:15 p.m., 27 views

PYSEC-2021-425

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

3.5 CVSS, 1.4 AI score, 0.00271 EPSS
Exploits 0, References 5
OSV
added 2021/07/30 2:15 p.m., 1 views

CVE-2021-35479

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page...

5.4 CVSS, 5.8 AI score, 0.49203 EPSS
Exploits 1, References 3
CNNVD
added 2021/07/29 12:0 a.m., 1 views

ObjectPlanet Opinio Cross-Site Scripting Vulnerability

ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio versions prior to 7.14. The vulnerability stems from ObjectPlanet Opinio prior to 7.14 allowing XSS to be reflected via the...

6.1 CVSS, 6.2 AI score, 0.00278 EPSS
Exploits 2, References 3
OpenVAS
added 2021/07/13 12:0 a.m., 25 views

Apache Tomcat JNDI Realm Authentication Weakness Vulnerability (Jul 2021) - Linux

Apache Tomcat is prone to an authentication weakness vulnerability in the JNDI Realm. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

6.5 CVSS, 6.8 AI score, 0.00123 EPSS
Exploits 0, References 5
OSV
added 2021/07/06 11:15 a.m., 0 views

CVE-2021-24407

The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability...

6.1 CVSS, 6.4 AI score
Exploits 0, References 1
Node.js
added 2021/06/28 4:49 p.m., 62 views

Reflected XSS from the callback handler's error query parameter

Overview @auth0/nextjs-auth0 versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are...

4.3 CVSS, 1.8 AI score, 0.00581 EPSS
Exploits 0, Affected Software 1
OSV
added 2021/06/28 4:46 p.m., 22 views

GHSA-954C-JJX6-CXV7 Reflected XSS from the callback handler's error query parameter

Overview Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are affected by this vulnerability ...

8 CVSS, 6.7 AI score, 0.00581 EPSS
Exploits 0, References 4
GitHub Security Blog
added 2021/06/28 4:46 p.m., 47 views

Reflected XSS from the callback handler's error query parameter

Overview Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are affected by this vulnerability ...

8 CVSS, 1.9 AI score, 0.00581 EPSS
Exploits 0, References 5, Affected Software 1
Veracode
added 2021/06/28 4:55 a.m., 8 views

Cross-site Scripting (XSS)

@auth0/nextjs-auth0 is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious code via an error query parameter processed by the callback handler as an error message...

8 CVSS, 6.6 AI score, 0.00581 EPSS
Exploits 0, References 4, Affected Software 2
NVD
added 2021/06/25 5:15 p.m., 11 views

CVE-2021-32702

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...

8 CVSS, 0.00581 EPSS
Exploits 0, References 3
OSV
added 2021/06/25 5:15 p.m., 12 views

CVE-2021-32702

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...

6.1 CVSS, 6.5 AI score
Exploits 0, References 3
CNNVD
added 2021/06/25 12:0 a.m., 2 views

Eclipse BIRT Code Issue Vulnerability

Eclipse BIRT is the Eclipse Foundation's suite of open source software that provides reporting and business intelligence capabilities for rich client applications and web applications. A code issue vulnerability exists in Eclipse BIRT that stems from the fact that in Eclipse BIRT version 4.8.0 an...

9.8 CVSS, 8.4 AI score, 0.66747 EPSS
Exploits 3, References 6
CNVD
added 2021/06/17 12:0 a.m., 9 views

74CMS SQL Injection Vulnerability (CNVD-2021-43380)

74CMS is a recruitment system developed by Taiyuan Xunyi Technology Co., Ltd. based on ThinkPHP framework. A SQL injection vulnerability exists in 74CMS version 3.2.0. An attacker can use this vulnerability to inject SQL statements via the query parameter of plus/ajaxcommon.php...

9.8 CVSS, 7.6 AI score, 0.43906 EPSS
Exploits 1, References 1
NVD
added 2021/06/16 6:15 p.m., 18 views

CVE-2020-22209

SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajaxcommon.php...

9.8 CVSS, 0.43906 EPSS
Exploits 1, References 1
OSV
added 2021/05/21 6:15 p.m., 1 views

CVE-2021-29681

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918...

5.3 CVSS, 5.8 AI score
Exploits 0, References 2
CNNVD
added 2021/05/17 12:0 a.m., 2 views

WordPress Plugin SQL Injection Vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. A SQL injection vulnerability exists in Goto WordPress...

9.8 CVSS, 5.9 AI score, 0.01021 EPSS
Exploits 2, References 3