742 matches found
Authentication flaw
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...
CVE-2022-0201
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-46389
IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters...
CVE-2021-46389
IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters...
CVE-2021-46389
IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters...
CVE-2021-46389
IIPImage High Resolution Streaming Image Server is affected by an integer overflow in iipsrv.fcgi triggered by malformed HTTP query parameters (pre-commit 882925b295a80ec992063deffc2a3b0d803c3195). Multiple connected sources describe remote memory corruption/overflow leading to denial-of-service,...
Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting
The plugins do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/index.php?p=%3Cimg%20src%20onerror=alert/XSS/%3Eurl=1...
GHSA-QRMM-W75W-3WPX Server side request forgery in SwaggerUI
SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered...
Server side request forgery in SwaggerUI
SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered...
JVN#68066589: WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting
WordPress Plugin "Booking Package - Appointment Booking Calendar System" provided by Saasproject contains a cross-site scripting vulnerability CWE-79 due to the flaw in handling some URL query parameters. Impact An arbitrary script may be executed on the web browser of the user who is accessing t...
ShinHer StudyOnline System 安全漏洞
ShinHer StudyOnline System is a school system from ShinHer, China. ShinHer StudyOnline System is vulnerable to an authorization issue, which stems from the fact that the teacher editing function of ShinHer StudyOnline System is not controlled by permissions. An attacker could use this vulnerabili...
CVE-2021-34427
A flaw was found in eclipse-birt. An attacker can use query parameters to create a JSP file which is accessible from remote current BIRT viewer dir to inject JSP code into the running instance. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2021-34427
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote current BIRT viewer dir to inject JSP code into the running instance...
PT-2021-20526
Name of the Vulnerable Software and Affected Versions: Eclipse BIRT versions 4.8.0 and earlier Description: An issue exists where an attacker can use query parameters to create a JSP file, accessible from remote, in the current BIRT viewer directory. This allows the injection of JSP code into the...
CVE-2021-32696
The npm package "striptags" is an implementation of PHP's striptags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be abused by an attack...
Passing in a non-string 'html' argument can lead to unsanitized output
A type-confusion vulnerability can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. Impact XS...
GHSA-QXG5-2QFF-P49R Passing in a non-string 'html' argument can lead to unsanitized output
A type-confusion vulnerability can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. Impact XS...
CVE-2021-21666
Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...
Cross site scripting
Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2021-32670
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...