Prion
added 2021/01/12 10:15 p.m., 10 views

Design/Logic Flaw

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...

CVSS 4.3, AI score 6, EPSS 0.00174
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2021/01/12 9:26 p.m., 10 views

CVE-2021-23928

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...

AI score 6.2, EPSS 0.00174
Exploits: 0, References: 1
Prion
added 2020/12/17 8:15 p.m., 13 views

SQL injection

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

CVSS 7.5, AI score 9.8, EPSS 0.0841
Exploits: 2, References: 1, Affected Software: 1
OSV
added 2020/12/17 8:15 p.m., 0 views

UBUNTU-CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

CVSS 9.8, AI score 7.4, EPSS 0.0841
Exploits: 2, References: 3
UbuntuCve
added 2020/12/17 8:15 p.m., 19 views

CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

CVSS 9.8, AI score 7.3, EPSS 0.0841
Exploits: 2, References: 2
Debian CVE
added 2020/12/17 7:46 p.m., 19 views

CVE-2020-35545

Removed by vendor...

CVSS 9.8, AI score 9.4, EPSS 0.0841
Exploits: 2
Cvelist
added 2020/12/17 7:46 p.m., 14 views

CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

AI score 9.8, EPSS 0.0841
Exploits: 2, References: 1
Cvelist
added 2020/11/24 1:32 a.m., 10 views

CVE-2020-15929

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...

AI score 9.7, EPSS 0.08119
Exploits: 1, References: 1
WPVulnDB
added 2020/11/14 12:00 a.m., 15 views

WP DB Error Manager <= 2.1.6 - Reflected Cross-Site Scripting (XSS)

Reflected XSS in the file "admin/partials/wp-db-error-manager-login-display.php" in parameter "email" query string PoC https://example.com/wp-content/plugins/wp-database-error-manager/admin/partials/wp-db-error-manager-login-display.php?email=%22%3E%3Cimg%20src%20onerror=alert/XSS/%3E...

AI score 0.6
Exploits: 0, References: 1, Affected Software: 1
Gitee
added 2020/09/03 10:24 p.m., 9 views

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the PHP 7+ versions, but the bug itself is present in earlier versions. The exploit works by setting the...

CVSS 9.8, AI score 7.7, EPSS 0.94053
Exploits: 53
OSV
added 2020/09/03 7:04 p.m., 0 views

GHSA-C3PX-V9C7-M734 Prototype Pollution in mithril

Affected versions of mithril are vulnerable to prototype pollution. The function parseQueryString may allow a malicious user to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. A payload such as proto%5BtoString%5D=123 in...

AI score 5.9
Exploits: 0, References: 1
OSV
added 2020/09/01 3:28 p.m., 25 views

GHSA-7F59-X49P-V8MQ Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker...

AI score 6
Exploits: 0, References: 5
OSV
added 2020/06/22 6:15 p.m., 1 view

CVE-2020-14973

The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting XSS vulnerability via the query string...

CVSS 6.1, AI score 6.4, EPSS 0.00315
Exploits: 1, References: 2
Gitee
added 2020/06/02 11:19 a.m., 13 views

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the vulnerable configuration is present. The exploit targets PHP 7+ and works by appending a specially...

CVSS 9.8, AI score 7.4, EPSS 0.94053
Exploits: 53
OSV
added 2020/05/04 1:15 p.m., 17 views

CVE-2019-17557

It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute javascript code from URL query string...

CVSS 5.4, AI score 7.1
Exploits: 0, References: 1
NVD
added 2020/05/04 1:15 p.m., 11 views

CVE-2019-17557

It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute javascript code from URL query string...

CVSS 5.4, AI score 5.6, EPSS 0.01193
Exploits: 0, References: 1
vulnersOsv
added 2020/04/30 5:16 p.m., 1 view

@appirio/salesforce (>=0.5.9 <=2.0.1), @artemis-prime/facebook-messenger-bot (=1.0.1) +205 more potentially affected by CVE-2017-1000048 via qs (>=6.1.0 <=6.1.1)

qs NPM version =6.1.0, =0.5.9, =1.1.25, =1.0.88, =1.1.7, =1.3.20, =16.1.4, =0.0.1, =2.0.1, =1.0.0, =1.0.6 - @mshksdk/design =0.0.2 and more. Source cves: CVE-2017-1000048. Source advisory: OSV:GHSA-GQGV-6JQ5-JJJ9...

CVSS 7.5, AI score 6.7, EPSS 0.00808
Exploits: 0
RedhatCVE
added 2020/04/24 8:33 a.m., 48 views

CVE-2019-12520

A flaw was found in squid. The absolute URL of a request can include the decoded UserInfo username and password for certain protocols. This decoded info may contain special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a...

CVSS 5, AI score 1.8, EPSS 0.06184
Exploits: 0, References: 4
Prion
added 2020/04/13 4:15 p.m., 12 views

Open redirect

Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string...

CVSS 5.8, AI score 6.3, EPSS 0.0025
Exploits: 0, References: 4, Affected Software: 1
RedHat Linux
added 2020/04/07 9:36 a.m., 3 views

python: CRLF injection via the query part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1, AI score 6.7, EPSS 0.0991
Exploits: 1, References: 4