Lucene search

800 matches found

Cvelist
added 2021/08/17 10:2 p.m. | 13 views

CVE-2021-39250

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...

5.7 AI score | 0.00455 EPSS
Exploits: 1 | References: 2
CVE
added 2021/08/17 10:2 p.m. | 49 views

CVE-2021-39250

Invision Community (IPS Community Suite/IP-Board) is affected by a stored XSS in versions prior to 4.6.5.1, which can lead to code execution. The vulnerability arises because an uploaded file can be placed inside an IFRAME within user-generated content. For exploitation, an attacker can rely on t...

5.4 CVSS | 5.5 AI score | 0.00455 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2021/08/17 12:0 a.m. | 3 views

Invision Community Cross-Site Scripting Vulnerability

Invision Community is a software for designing and developing mobile application UI from Invision Inc. in the United States. A cross-site scripting vulnerability exists in Invision Community that stems from the product's ability to allow uploading of files into IFRAME elements. The vulnerability...

5.4 CVSS | 5.5 AI score | 0.00455 EPSS
Exploits: 1 | References: 2
Amazon
added 2021/07/13 12:0 a.m. | 41 views

Medium: curl

Issue Overview: It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected...

5.3 CVSS | 7.2 AI score | 0.00115 EPSS
Exploits: 2
Tenable Nessus
added 2021/07/01 12:0 a.m. | 29 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2049)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3...

5.3 CVSS | 6.4 AI score | 0.00115 EPSS
Exploits: 2 | References: 3
Tenable Nessus
added 2021/07/01 12:0 a.m. | 32 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-2060)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3...

5.3 CVSS | 6.4 AI score | 0.00115 EPSS
Exploits: 2 | References: 3
RedHat Linux
added 2021/06/17 11:47 a.m. | 1 views

curl: Leak of authentication credentials in URL via automatic Referer

It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected...

5.3 CVSS | 6.8 AI score | 0.00115 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2021/06/17 11:35 a.m. | 3 views

curl: Leak of authentication credentials in URL via automatic Referer

It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected...

5.3 CVSS | 6.8 AI score | 0.00115 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2021/06/10 12:0 a.m. | 33 views

SUSE SLES11 Security Update : curl (SUSE-SU-2021:14707-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:14707-1 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in t...

5.3 CVSS | 6.7 AI score | 0.00115 EPSS
Exploits: 1 | References: 4
OSV
added 2021/06/08 8:12 p.m. | 12 views

GHSA-GC45-J3M5-8QFQ Server-Side Request Forgery in Feehi CMS

Feehi CMS 2.1.1 is affected by a Server-side request forgery SSRF vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it...

9.1 CVSS | 9.2 AI score | 0.00292 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2021/06/04 12:0 a.m. | 30 views

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2021-1969)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad...

5.3 CVSS | 6.5 AI score | 0.00115 EPSS
Exploits: 2 | References: 3
Veracode
added 2021/05/25 4:46 a.m. | 18 views

Server-Side Request Forgery (SSRF)

feehi/cms is vulnerable to server-side request forgery. An attacker is able to modify the HTTP Referer header and cause the server to make a request to the URL...

9.1 CVSS | 1 AI score | 0.00292 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2021/05/24 8:15 p.m. | 13 views

CVE-2021-30108

Feehi CMS 2.1.1 is affected by a Server-side request forgery SSRF vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it...

9.1 CVSS | 6.8 AI score
Exploits: 0 | References: 1
Prion
added 2021/05/24 8:15 p.m. | 37 views

Server side request forgery (ssrf)

Feehi CMS 2.1.1 is affected by a Server-side request forgery SSRF vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it...

6.4 CVSS | 9.1 AI score | 0.00292 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2021/05/24 12:0 a.m. | 2 views

Feehi CMS Code Issue Vulnerability

FeehiCMS is a Php-based CMS website builder by Liufee Personal Developer. Feehi CMS 2.1.1 suffers from a code issue vulnerability that stems from the server being able to send requests to any url when the user modifies the HTTP Referer header to it...

9.1 CVSS | 8.4 AI score | 0.00292 EPSS
Exploits: 1 | References: 3
OSV
added 2021/05/06 11:2 a.m. | 2 views

OESA-2021-1170 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS...

5.3 CVSS | 6.8 AI score | 0.00115 EPSS
Exploits: 2 | References: 3
CNNVD
added 2021/04/30 12:0 a.m. | 2 views

Yzmcms Cross-Site Scripting Vulnerability

Yzmcms is an open source CMS Content Management System for Yzmcms individual developers. A cross-site scripting vulnerability exists in yzmcms v5.2, which can be exploited by a remote attacker to inject commands into the "referer" field of a POST request to the component "member index login.html"...

6.1 CVSS | 5.6 AI score | 0.00638 EPSS
Exploits: 1 | References: 2
OSV
added 2021/04/01 6:15 p.m. | 2 views

ALPINE-CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...

5.3 CVSS | 6.9 AI score | 0.00115 EPSS
Exploits: 1 | References: 1
OSV
added 2021/04/01 6:15 p.m. | 1 views

DEBIAN-CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...

5.3 CVSS | 6.6 AI score | 0.00115 EPSS
Exploits: 1 | References: 1
Cvelist
added 2021/04/01 5:45 p.m. | 27 views

CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...

6 AI score | 0.00115 EPSS
Exploits: 1 | References: 10