82 matches found
CVE-2015-8622
Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
Cross site scripting
Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
DEBIAN-CVE-2015-8622
Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
CVE-2015-8622
Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
Informatica: [marketplace.informatica.com] Open Redirect
marketplace.informatica.com contains an open redirect due to a flawed URL rewrite rule. All requests containing a single quote: ' are met with a 302 redirect to the same URL, minus the single quote. As the Location header uses a protocol-relative URL, this can be abused to redirect people to...
CVE-2014-0480
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // slash slash in a URL, which triggers a scheme-relative URL...
CVE-2014-0480
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // slash slash in a URL, which triggers a scheme-relative URL...
CVE-2014-0480
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // slash slash in a URL, which triggers a scheme-relative URL...
Medium: subversion
Issue Overview: The isthislegal function in moddontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service resource consumption via a relative URL in a REPORT request. The...
CVE-2013-4505
The isthislegal function in moddontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service resource consumption via a relative URL in a REPORT request...
CVE-2013-4505
The isthislegal function in moddontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service resource consumption via a relative URL in a REPORT request...
CVE-2013-2920
The DoResolveRelativeHost function in url/urlcanonrelative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service out-of-bounds read via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/...
CVE-2013-2920
The DoResolveRelativeHost function in url/urlcanonrelative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service out-of-bounds read via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/...
Out-of-bounds
The DoResolveRelativeHost function in url/urlcanonrelative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service out-of-bounds read via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/...
CVE-2013-2920
The DoResolveRelativeHost function in url/urlcanonrelative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service out-of-bounds read via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/...
Open-Xchange Security Advisory 2013-04-17
Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...
OauthApplinksServlet Open Redirect
The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...
ConsumerConfigurationServlet Open Redirect
The ConsumerConfigurationServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...
ConsumerConfigurationServlet Open Redirect
The ConsumerConfigurationServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...
AddConsumerReciprocalServlet Open Redirect
The AddConsumerReciprocalServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...