847 matches found
Open Redirect in Flask-Security-Too
Flask-Security allows redirects after many successful views (e.g. /login) by honoring the ?next query parameter. There is code in FS to validate that the URL specified in the next parameter is either relative OR has the same netloc (network location) as the requesting URL. This check utilizes Python's...
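The rule the snippet above describes (accept `next` only when it is relative or its netloc matches the request host) is easy to get wrong, because `urllib.parse.urlsplit` and browsers disagree about what counts as "relative". The following is an added example, not Flask-Security's own code: a naive version of that rule next to a hardened one, run over a set of constructed inputs for a hypothetical site served as `site.example` (the hostname and the `request_host` parameter are assumptions).

```python
from urllib.parse import urlsplit

# Added example, not Flask-Security's code. Hostnames are hypothetical.


def naive_is_safe_redirect(target: str, request_host: str) -> bool:
    """The check as commonly written: accept if the URL has no netloc
    (so it looks relative) or its netloc equals the request host."""
    parts = urlsplit(target)
    return not parts.netloc or parts.netloc.lower() == request_host.lower()


def is_safe_redirect(target: str, request_host: str) -> bool:
    """Hardened form of the same rule.

    Browsers following the WHATWG URL parser treat a backslash as a slash and
    collapse runs of leading slashes, so "/\\evil.com" and "///evil.com" both
    navigate to evil.com even though urlsplit reports an empty netloc for them.
    Normalise before parsing and refuse anything that is not a plain
    site-local path or an http(s) URL on request_host.
    """
    if not target:
        return False
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, and similar schemes
    if parts.netloc:
        # Compare the whole netloc (request_host is assumed to be the Host
        # header value, port included if any) so userinfo tricks such as
        # "https://site.example@evil.com" do not match.
        return parts.netloc.lower() == request_host.lower()
    # No netloc after normalisation: require an absolute path that is not
    # protocol-relative ("//..." or "///..." would still leave the site).
    return normalised.startswith("/") and not normalised.startswith("//")


BYPASS_CANDIDATES = [  # constructed inputs for a site served as site.example
    "/account",
    "https://site.example/account",
    "https://evil.com/",
    "//evil.com",
    "///evil.com",
    "/\\evil.com",
    "https://site.example@evil.com/",
    "javascript:alert(1)",
]


def accepted_by(check, request_host: str = "site.example") -> list:
    """Return the candidate targets that the given check would let through."""
    return [t for t in BYPASS_CANDIDATES if check(t, request_host)]


if __name__ == "__main__":
    print("naive accepts:   ", accepted_by(naive_is_safe_redirect))
    print("hardened accepts:", accepted_by(is_safe_redirect))
```

The naive check lets through `///evil.com`, `/\evil.com` and `javascript:alert(1)` because `urlsplit` gives all three an empty netloc; the hardened check accepts only the site-local path and the absolute URL on the request host. It also rejects relative paths without a leading slash (`account`), which is deliberate: a post-login redirect target should always be an absolute path on the site.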
CVE-2021-22210
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through the API, GitLab was ignoring a query parameter and returning a considerable number of results...
Code injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through the API, GitLab was ignoring a query parameter and returning a considerable number of results...
EulerOS 2.0 SP3 : doxygen (EulerOS-SA-2021-1776)
According to the version of the doxygen package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe...
CVE-2021-29456
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing an HTTP query parameter an attacker is able to redirect users from the web application to an...
Authorization
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing an HTTP query parameter an attacker is able to redirect users from the web application to an...
CVE-2021-29456
CVE-2021-29456 affects Authelia (open‑source authentication/SSO server). In versions ≤ 4.27.4, an HTTP query parameter permits open redirects to any external domain, enabling potential phishing by spoofing the initial URL. The vulnerability’s impact is limited to redirect behavior, not direct app...
CVE-2021-29456 Authelia allows open redirects on the logout endpoint
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing an HTTP query parameter an attacker is able to redirect users from the web application to an...
PT-2021-18228 · Authelia · Authelia
Name of the Vulnerable Software and Affected Versions: Authelia versions 4.27.4 and earlier Description: The issue allows an attacker to redirect users from the web application to any domain, including potentially malicious sites, by utilizing an HTTP query parameter. This does not directly impact...
PT-2021-15758
Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 2.10.0 Description: The issue is related to a reflected Cross-Site Scripting vulnerability inside the administration panel. This vulnerability can be exploited via the s GET...
Remote code execution
Remote Code Execution Vulnerability in tests/support/stores/testgridfilter.php in oria gridx 1.3 allows remote attackers to execute arbitrary code via a crafted value passed to the $query parameter...
CVE-2020-19625
Remote Code Execution Vulnerability in tests/support/stores/testgridfilter.php in oria gridx 1.3 allows remote attackers to execute arbitrary code via a crafted value passed to the $query parameter...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site...
sheila1227 gridx security vulnerability
gridx is an open-source application by sheila1227: a grid with fast rendering and a modular, plug-in based architecture. oria gridx 1.3 has a security vulnerability that lets a remote attacker execute arbitrary code by passing a carefully crafted value in the $query parameter...
CVE-2021-27531
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter...
Cross site scripting
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter...
Dynpg organization Dynpg cross-site scripting vulnerability
DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "query" parameter...
OPENSUSE-SU-2021:0435-1 Security update for python
This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters (use of semicolon as a query string separator) (bsc#1182379). This update was imported from the SUSE:SLE-15:Update updat...
MGASA-2021-0135 Updated python-django package fixes a security vulnerability
Django contains a copy of urllib.parse.parse_qsl which was added to backport some security fixes to prevent web cache poisoning. A further security fix has been issued recently such that parse_qsl no longer allows using ; as a query parameter separator by default (CVE-2021-23336)...
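The two advisories above describe the same root cause: a cache in front of the application splits the query string on `&` only, while the pre-fix Python parser also split on `;`, so a parameter hidden behind a semicolon reaches the application without being part of the cache key. The following is an added example, not the Python or Django fix itself; the cache policy (split on `&`, drop `utm_*` parameters from the key) and the query string are constructed to show the mismatch, and `legacy_parse_qs` only emulates the old stdlib behaviour.

```python
from urllib.parse import parse_qs

# Added example, not the Python or Django fix itself. The cache policy below is
# hypothetical: a front cache that splits the query string on '&' only and
# drops common tracking parameters from its cache key.
CACHE_IGNORED_PARAMS = {"utm_source", "utm_medium", "utm_content"}


def legacy_parse_qs(qs: str) -> dict:
    """Emulates the pre-fix stdlib behaviour, where both '&' and ';'
    separated parameters (empty pairs are dropped, as parse_qs does)."""
    result: dict = {}
    for pair in qs.replace(";", "&").split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        result.setdefault(key, []).append(value)
    return result


def app_params(qs: str, fixed: bool = True) -> dict:
    """What the application sees. With the fix, parse_qs splits on the
    explicit separator only (the keyword was added by the CVE-2021-23336 fix)."""
    if fixed:
        return parse_qs(qs, separator="&")
    return legacy_parse_qs(qs)


def cache_key(path: str, qs: str) -> str:
    """The cache's view: split on '&' only, ignore tracking parameters."""
    kept = sorted(
        p for p in qs.split("&")
        if p and p.partition("=")[0] not in CACHE_IGNORED_PARAMS
    )
    return path + ("?" + "&".join(kept) if kept else "")


def params_hidden_from_cache(qs: str, fixed: bool) -> set:
    """Parameter names the application acts on that are absent from the cache
    key. Anything here can shape a response that is then served to every
    client requesting the same key."""
    seen_by_app = set(app_params(qs, fixed))
    in_key = {p.partition("=")[0] for p in qs.split("&")} - CACHE_IGNORED_PARAMS
    return seen_by_app - in_key - CACHE_IGNORED_PARAMS


if __name__ == "__main__":
    qs = "utm_content=promo;callback=evil"  # constructed attacker query string
    print(cache_key("/widget", qs))                    # /widget
    print(params_hidden_from_cache(qs, fixed=False))   # {'callback'}
    print(params_hidden_from_cache(qs, fixed=True))    # set()
```

With the legacy parser the application acts on `callback=evil` while the cache files the response under plain `/widget`, which is the poisoning condition; with `separator="&"` the whole string stays the value of `utm_content` and nothing hidden reaches the application. The practical check is the same in either direction: make the application and every cache in front of it agree on the separator, and never let a parser split on more characters than the cache key does.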