VulnCheck KEV: CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the...
PT-2023-31805 · Unknown · Brizy – Page Builder
Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder versions 2.4.29 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
PT-2023-8397 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.8.13; GitHub Enterprise Server versions prior to 3.9.8; GitHub Enterprise Server versions prior to 3.10.5; GitHub Enterprise Server versions prior to 3.11.3; GitHub Enterprise Server versions prior to...
CVE-2023-50250 Cross-Site Scripting vulnerability when Import xml template file
Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in templatesimport.php...
Cross Site Scripting (XSS)
malojaserver is vulnerable to a Cross Site Scripting (XSS) attack. The vulnerability arises due to the error page reflecting the missing path to the user. An attacker can execute arbitrary JavaScript in the malojaserver's client context...
OSV-2023-1326 Security exception in java.base/java.lang.reflect.Array.newArray
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65139 Crash type: Security exception Crash state: java.base/java.lang.reflect.Array.newArray java.base/java.lang.reflect.Array.newInstance java.base/java.io.ObjectInputStream.readArray...
PYSEC-2023-260
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...
Schweitzer Engineering Laboratories SEL-411L Input Validation Error Vulnerability
The Schweitzer Engineering Laboratories SEL-411L is a state-of-the-art line differential protection, automation and control system from Schweitzer Engineering Laboratories, USA. An input validation error vulnerability exists in the Schweitzer Engineering Laboratories SEL-411L, which can be...
CVE-2023-2267
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details...
Input validation
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details...
CVE-2023-2267 Improper input validation could lead to reflection injection attacks
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details...
CVE-2023-2267
CVE-2023-2267 describes an input validation error in the Schweitzer Engineering Laboratories SEL-411L (a line differential protection, automation and control system). The connected documents state that this vulnerability could allow an attacker to perform reflection attacks against an authorized ...
Schweitzer Engineering Laboratories SEL-411L Security Vulnerability
The Schweitzer Engineering Laboratories SEL-411L is a state-of-the-art line differential protection, automation and control system from Schweitzer Engineering Laboratories, USA. An input validation error vulnerability exists in the Schweitzer Engineering Laboratories SEL-411L, which can be...
PT-2023-31052 · Unknown · Symbolicator
Name of the Vulnerable Software and Affected Versions: Symbolicator versions prior to 23.11.2 Description: The issue allows an attacker to make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the...
CVE-2022-41678
Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...
CVE-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...
VulnCheck KEV: CVE-2022-22242
A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS...
Exploit for Unsafe Reflection in Hsqldb Hypersql_Database
Research into CVE-2022-41853: Using static functions to obtain...