847 matches found
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection...
Cross site scripting
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
CVE-2016-10245 affects the doxygen package across multiple distributions (e.g., MiracleLinux, EulerOS, NewStart CGSL). Root cause: insufficient sanitization of the query parameter in templates/html/search_opensearch.php, allowing reflected cross-site scripting or iframe injection. Impact: r...
GHSA-JGMR-WRWX-MGFJ Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...
CVE-2019-3797
This entry concerns Spring Data JPA with versions up to 2.1.5, 2.0.13 and 1.11.19. The vulnerability arises in derived queries using the predicates startingWith, endingWith, or containing, which could return more results than intended when a crafted query parameter is supplied. Additionally, LIKE...
CVE-2019-3400
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter...
Xiaomi Mi Browser / Mint Browser URL Spoofing
Exploit Title: URL Spoofing Exploit for Xiaomi Mi Browser v10.5.6-g and Mint Browser v1.5.3 Date: 11/04/2019 Exploit Author: Arif Khan @payloadartist Vendor Homepage: www.xiaomi.com Version: v10.5.6-g and v1.5.3 Tested On: MIUI OS, v10.1.3.0 CVE: CVE-2019-10875 Exploit:...
CVE-2019-3797
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...
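The Spring Data JPA entries above describe a derived query (startingWith / endingWith / containing) wrapping a user-supplied value in a LIKE pattern without neutralizing the LIKE metacharacters % and _, so a value such as "%" matches every row. The following is an added example, not Spring Data code and not taken from the advisories: it reproduces the behaviour in plain SQL through Python's sqlite3 module, using a constructed users table, and shows the fix of escaping the wildcards and declaring the escape character with ESCAPE. Table and row contents are invented for the demonstration.

```python
import sqlite3

# Constructed sample data for the example (not from any real system).
USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.org"),
    ("dave_admin", "dave@example.org"),
]


def make_db():
    """In-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def find_username_containing_naive(conn, fragment):
    """Mimics a derived 'containing' query: the raw value is wrapped in %...%.

    The value is bound as a parameter, so this is not classic SQL injection,
    but LIKE still interprets % and _ inside the bound value, so a fragment of
    "%" or "_" matches far more rows than the caller intended.
    """
    pattern = "%" + fragment + "%"
    rows = conn.execute(
        "SELECT username FROM users WHERE username LIKE ? ORDER BY username",
        (pattern,),
    )
    return [r[0] for r in rows]


def escape_like(value, esc="\\"):
    """Neutralize LIKE metacharacters in a user-supplied value.

    The escape character itself is doubled first so that a literal backslash
    in the input cannot un-escape the wildcard that follows it.
    """
    return (
        value.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def find_username_containing_safe(conn, fragment):
    """Hardened form: wildcards in the value are escaped and the ESCAPE clause
    tells the database which character introduces a literal % or _."""
    pattern = "%" + escape_like(fragment) + "%"
    rows = conn.execute(
        "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' "
        "ORDER BY username",
        (pattern,),
    )
    return [r[0] for r in rows]


def compare(fragment):
    """Return (naive, safe) result lists for one fragment, for side-by-side use."""
    conn = make_db()
    return (
        find_username_containing_naive(conn, fragment),
        find_username_containing_safe(conn, fragment),
    )


if __name__ == "__main__":
    for frag in ("ali", "%", "_", "_admin"):
        naive, safe = compare(frag)
        print(f"{frag!r:10} naive={naive} safe={safe}")
```

The same escaping applies to any ORM or query-derivation layer that builds LIKE patterns from user input: the bind parameter protects the statement structure, but the pattern language inside the value still needs its own escaping, and the escape character must be declared to the database (ESCAPE clause or the dialect's equivalent) so the two sides agree.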
Spoofing
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g aka the MIUI native browser and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user...
CVE-2019-10875
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g aka the MIUI native browser and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user...
CVE-2019-10875
CVE-2019-10875 is a URL-spoofing vulnerability in Xiaomi Mi Browser (international) 10.5.6-g and Mint Browser 1.5.3 caused by how the q parameter is handled: the portion of the https URL before ?q= is not displayed, enabling spoofing of the address bar. Several public sources document a PoC and p...
Information Disclosure
atomic-openshift is vulnerable to information disclosure. An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a...
Sql injection
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter...
CVE-2019-5893
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter...
Jenzabar Cross-Site Scripting Vulnerability
Jenzabar is a set of student information management system from the American company Jenzabar. The system includes functions such as course management, enrollment management, financial management and human resource management. A cross-site scripting vulnerability exists in Jenzabar versions 8.2.1...
CVE-2018-16778
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter, aka the Search Field...