Lucene search

847 matches found

OSV
added 2021/03/14 9:20 p.m. · 2 views

MGASA-2021-0135 Updated python-django package fixes a security vulnerability

Django contains a copy of urllib.parse.parse_qsl which was added to backport some security fixes to prevent web cache poisoning. A further security fix has been issued recently such that parse_qsl no longer allows using ; as a query parameter separator by default (CVE-2021-23336)...

CVSS 5.9 · AI score 6.3 · EPSS 0.003
Exploits 1 · References 4

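The parameter-cloaking problem behind the Django entry above, as an added example in Python that is neither Django's code nor text from the advisory: a front-end cache that splits the query string on `&` only and drops `utm_*` tracking parameters from its key, against a backend whose `parse_qsl` copy still honours `;` as a separator. The `utm_` unkeyed rule, the `callback` parameter and `ATTACK_QS` are constructed for illustration.

```python
from urllib.parse import unquote_plus

# Constructed attacker request: a keyed 'callback' parameter, then an
# unkeyed tracking parameter that hides a second 'callback' behind ';'.
ATTACK_QS = "callback=render&utm_content=x;callback=alert(1)"


def parse_qsl_with(qs: str, separators: str) -> list:
    """Return (key, value) pairs, splitting on every character in separators.
    Pre-fix parse_qsl split on both '&' and ';'; the fix defaults to '&' only."""
    for extra in separators[1:]:
        qs = qs.replace(extra, separators[0])
    pairs = []
    for part in qs.split(separators[0]):
        if not part:
            continue
        key, _, value = part.partition("=")
        pairs.append((unquote_plus(key), unquote_plus(value)))
    return pairs


def cache_key(qs: str) -> str:
    """What a front-end cache keys on (assumed configuration): it splits on
    '&' only and ignores utm_* parameters, as many CDNs are set up to do."""
    keyed = [(k, v) for k, v in parse_qsl_with(qs, "&") if not k.startswith("utm_")]
    return "&".join(f"{k}={v}" for k, v in keyed)


def backend_params(qs: str, separators: str) -> dict:
    """What the application sees. With a duplicated key the last value wins,
    which is what dict(parse_qsl(...)) does."""
    return dict(parse_qsl_with(qs, separators))


def is_cloaked(qs: str, backend_separators: str) -> bool:
    """True when cache and backend disagree on a keyed parameter: the response
    rendered for the attacker's value would then be stored under a key that
    ordinary users' requests also hit."""
    cache_view = dict(parse_qsl_with(cache_key(qs), "&"))
    backend_view = {k: v for k, v in backend_params(qs, backend_separators).items()
                    if not k.startswith("utm_")}
    return cache_view != backend_view


if __name__ == "__main__":
    print("cache key       :", cache_key(ATTACK_QS))
    print("legacy backend  :", backend_params(ATTACK_QS, "&;"))
    print("fixed backend   :", backend_params(ATTACK_QS, "&"))
    print("cloaked (legacy):", is_cloaked(ATTACK_QS, "&;"))
    print("cloaked (fixed) :", is_cloaked(ATTACK_QS, "&"))
```

The cache stores the response under `callback=render` while a legacy backend renders `callback=alert(1)`; with the `&`-only default the second `callback` stays inside the harmless `utm_content` value and the two views agree. If an application must keep accepting `;`, every cache in front of it has to split the query string the same way.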
Cvelist
added 2021/03/12 6:12 p.m. · 17 views

CVE-2021-21080 Adobe Connect Reflected Cross-site Scripting via query parameter

Adobe Connect version 11.0.7 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing t...

CVSS 6.1 · AI score 6.2 · EPSS 0.01062
Exploits 0 · References 1

RedHat Linux
added 2021/03/03 4:19 a.m. · 2 views

jenkins: Reflected XSS vulnerability in markup formatter preview

A flaw was found in Jenkins. A cross-site scripting (XSS) vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter, if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat...

CVSS 6.1 · AI score 5.6 · EPSS 0.00327
Exploits 0 · References 4

Cvelist
added 2021/02/26 2:26 p.m. · 11 views

CVE-2021-26903

LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']...

AI score 6.1 · EPSS 0.0037
Exploits 0 · References 2

Node.js
added 2021/02/22 5:29 p.m. · 66 views

Cross-Site Request Forgery (CSRF)

Overview: Affected versions of the fastify-csrf package are vulnerable to Cross-site Request Forgery (CSRF). The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true }. Also, the CSRF token was available in the GET query parameter...

CVSS 6.8 · AI score 2.3 · EPSS 0.00307
Exploits 0 · Affected Software 1

Tenable Nessus
added 2021/02/22 12:00 a.m. · 20 views

EulerOS 2.0 SP2 : doxygen (EulerOS-SA-2021-1289)

According to the version of the doxygen package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe...

CVSS 6.1 · AI score 6.2 · EPSS 0.00476
Exploits 0 · References 2

OpenVAS
added 2021/02/22 12:00 a.m. · 17 views

Huawei EulerOS: Security Advisory for doxygen (EulerOS-SA-2021-1289)

The remote host is missing an update for the Huawei EulerOS doxygen package. (Description text from the Greenbone AG NASL script, SPDX-FileCopyrightText: 2021 Greenbone AG, SPDX-License-Identifier: GPL-2.0-only; some text descriptions might be excerpted from referenced sources and are copyright of the respective right holders.)

CVSS 6.1 · AI score 6.3 · EPSS 0.00476
Exploits 0 · References 2

RedHat Linux
added 2021/02/17 7:06 p.m. · 1 views

jenkins: Reflected XSS vulnerability in markup formatter preview

A flaw was found in Jenkins. A cross-site scripting (XSS) vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter, if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat...

CVSS 6.1 · AI score 5.6 · EPSS 0.00327
Exploits 0 · References 4

Github Security Blog
added 2021/01/20 9:30 p.m. · 31 views

Cross-site Request Forgery in fastify-csrf

The package fastify-csrf before 3.0.0 has a set of issues that affect its ability to do CSRF protection. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true }. 2. The CSRF token was available in the GET query parameter...

CVSS 8.8 · AI score 8.4 · EPSS 0.00307
Exploits 0 · References 6 · Affected Software 1

OSV
added 2021/01/20 9:30 p.m. · 19 views

GHSA-49WP-QQ6X-G2RF Cross-site Request Forgery in fastify-csrf

The package fastify-csrf before 3.0.0 has a set of issues that affect its ability to do CSRF protection. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true }. 2. The CSRF token was available in the GET query parameter...

CVSS 8.8 · AI score 8.6 · EPSS 0.00307
Exploits 0 · References 6

OSV
added 2021/01/19 3:15 p.m. · 11 views

CVE-2020-28482

This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true }. 2. The CSRF token was available in the GET query parameter...

CVSS 8.8 · AI score 6.8
Exploits 0 · References 2

NVD
added 2021/01/19 3:15 p.m. · 10 views

CVE-2020-28482

This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true }. 2. The CSRF token was available in the GET query parameter...

CVSS 8.8 · AI score 6.6 · EPSS 0.00307
Exploits 0 · References 2

Cvelist
added 2021/01/19 2:50 p.m. · 12 views

CVE-2020-28482 Cross-site Request Forgery (CSRF)

This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true }. 2. The CSRF token was available in the GET query parameter...

CVSS 5.9 · AI score 8.8 · EPSS 0.00307
Exploits 0 · References 2

Snyk
added 2021/01/19 1:00 p.m. · 2 views

Cross-site Request Forgery (CSRF)

Overview: fastify-csrf is a plugin for adding CSRF protection to Fastify. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true }. Also, the CS...

CVSS 8.8 · AI score 6.9 · EPSS 0.00307
Exploits 0 · References 3

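A hardened counterpart to the two defaults faulted in the fastify-csrf entries above (Node.js, Github Security Blog, OSV, NVD, Cvelist and Snyk), written in Python as an added example and not fastify-csrf's own code or its 3.0.0 fix: the CSRF cookie is issued HttpOnly, Secure and SameSite=Strict, and the token is accepted from a request header or the urlencoded body but never from the query string. The cookie name `_csrf`, the header name `x-csrf-token` and the requests built in the demo are assumptions.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Optional
from urllib.parse import parse_qsl

COOKIE_NAME = "_csrf"          # hypothetical cookie name
HEADER_NAME = "x-csrf-token"   # hypothetical header name
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_cookie() -> tuple:
    """Mint a token and the Set-Cookie value that carries it.
    Unlike the defaults quoted in the advisory (path '/', sameSite true, no
    HttpOnly), the cookie is HttpOnly (script cannot read it), Secure (TLS
    only) and SameSite=Strict (omitted from cross-site requests). The token
    is returned so the server can embed it in the page or a header."""
    token = secrets.token_urlsafe(32)
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    jar[COOKIE_NAME]["path"] = "/"
    jar[COOKIE_NAME]["httponly"] = True
    jar[COOKIE_NAME]["secure"] = True
    jar[COOKIE_NAME]["samesite"] = "Strict"
    return token, jar.output(header="").strip()


def submitted_token(headers: dict, body: str) -> Optional[str]:
    """Read the token from the request header or the urlencoded body only.
    The query string is never consulted: a token in the URL is copied into
    server logs, Referer headers and browser history, which is the second
    defect in the advisory."""
    if headers.get(HEADER_NAME):
        return headers[HEADER_NAME]
    for key, value in parse_qsl(body or ""):
        if key == COOKIE_NAME:
            return value
    return None


def verify_csrf(method: str, cookie_header: str, headers: dict,
                body: str = "", query_string: str = "") -> bool:
    """Double-submit check: the token the client sends must equal the one in
    the HttpOnly cookie, compared in constant time. `query_string` is accepted
    only so callers can see that it plays no part in the decision."""
    if method.upper() not in UNSAFE_METHODS:
        return True
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    expected = jar[COOKIE_NAME].value if COOKIE_NAME in jar else None
    given = submitted_token({k.lower(): v for k, v in headers.items()}, body)
    if not expected or not given:
        return False
    return hmac.compare_digest(expected, given)


if __name__ == "__main__":
    token, set_cookie = issue_csrf_cookie()
    cookie_header = f"{COOKIE_NAME}={token}"
    print("Set-Cookie:", set_cookie)
    print("header token   :", verify_csrf("POST", cookie_header, {"X-CSRF-Token": token}))
    print("body token     :", verify_csrf("POST", cookie_header, {}, f"{COOKIE_NAME}={token}&amount=5"))
    # The vulnerable pattern: token supplied only in the GET query string.
    print("query token    :", verify_csrf("POST", cookie_header, {}, "amount=5",
                                          query_string=f"{COOKIE_NAME}={token}"))
```

The cookie alone is not the secret the attacker lacks; the browser sends it automatically, so the check depends on the matching copy arriving in a place a cross-site form cannot set (a custom header or the body of a same-origin form). Keeping the token out of the query string is what stops it leaking through logs and Referer headers.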
Veracode
added 2021/01/14 4:24 p.m. · 5 views

Denial Of Service (DoS)

Jenkins is vulnerable to denial of service (DoS). The vulnerability exists because it does not limit sizes provided as query parameters to graph-rendering URLs...

CVSS 6.5 · AI score 6.4 · EPSS 0.00275
Exploits 0 · References 2 · Affected Software 1

AlpineLinux
added 2021/01/13 3:55 p.m. · 38 views

CVE-2021-21607

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

CVSS 6.5 · AI score 7 · EPSS 0.00275
Exploits 0

Positive Technologies
added 2021/01/13 12:00 a.m. · 2 views

PT-2021-14653 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier, LTS versions 2.263.1 and earlier. Description: The issue arises from the lack of restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected...

CVSS 6.1 · AI score 5.9 · EPSS 0.00327
Exploits 0 · References 11

CNNVD
added 2020/11/23 12:00 a.m. · 3 views

Ortus Solutions Testbox Command Injection Vulnerability

Ortus Solutions TestBox is a behavior-driven testing framework for ColdFusion environments from Ortus Solutions, USA. A security vulnerability exists in Ortus TestBox versions 2.4.0 through 4.1.0, which originates from an unvalidated query string parameter passed to...

CVSS 9.8 · AI score 7.7 · EPSS 0.08119
Exploits 1 · References 2

Amazon
added 2020/10/27 12:00 a.m. · 19 views

Low: doxygen

Issue Overview: Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. (CVE-2016-10245) Affected Packages: doxygen. Note: This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. Visit this F...

CVSS 6.1 · AI score 6.5 · EPSS 0.00476
Exploits 0

IBM Security Bulletins
added 2020/08/28 4:11 a.m. · 13 views

Security Bulletin: Query Parameter in SSL vulnerability in IBM Operations Analytics - Log Analysis

Summary: When a session timeout occurs, the Log Analysis UI asks the user to re-enter the password. Requests sent over SSL contain the query parameter name, value or combination of values, such as username and password. Vulnerability Details: Third Party Entry: PSIRT-ADV0022529. DESCRIPTION: Created from Advisory:...

AI score 1.7
Exploits 0 · Affected Software 1
