129 matches found
CVE-2021-23387
The package trailing-slash before 2.0.1 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as https://example.com//attacker.example/. The vulnerable code is in index.js::createTrailing, as the web server uses relative URLs...
Open redirect
The package trailing-slash before 2.0.1 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as https://example.com//attacker.example/. The vulnerable code is in index.js::createTrailing, as the web server uses relative URLs...
CVE-2021-23387
CVE-2021-23387 concerns the npm package trailing-slash. The vulnerability is an Open Redirect caused by the use of trailing double slashes in URLs accessed at vulnerable endpoints, with the flaw located in index.js::createTrailing() (web server uses relative URLs). Affected versions are before 2....
Open Redirection
koa-remove-trailing-slashes is vulnerable to open redirection. The usage of relative URLs instead of absolute URLs in removeTrailingSlashes allows an attacker to use trailing double slashes in the URL to redirect users to malicious websites...
Open redirect
The package koa-remove-trailing-slashes before 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as https://example.com//attacker.example/. The vulnerable code is in index.js::removeTrailingSlashes, as the web serve...
CVE-2021-23384 Open Redirect
The package koa-remove-trailing-slashes before 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as https://example.com//attacker.example/. The vulnerable code is in index.js::removeTrailingSlashes, as the web serve...
CVE-2021-23384
The package koa-remove-trailing-slashes before 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as https://example.com//attacker.example/. The vulnerable code is in index.js::removeTrailingSlashes, as the web serve...
GHSA-MJXR-4V3X-Q3M4 Improper Input Validation in sanitize-html
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...
DEBIAN-CVE-2019-17670
WordPress before 5.2.4 has a Server-Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs...
curl: Active Mixed Content over HTTPS
Summary: Resources Loaded from Insecure Origin (HTTP). Steps To Reproduce: Vulnerability Details: detected that an active content loaded over HTTP within an HTTPS page. Remedy: There are two technologies to defend against the mixed content issues: HTTP Strict Transport Security (HSTS) is a mechanism tha...
Design/Logic Flaw
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to...
UBUNTU-CVE-2015-8622
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...
jenkins: Open redirect to scheme-relative URLs (SECURITY-276)
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs...
CVE-2016-3726
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs...
Open redirect
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs...
CVE-2016-3726
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs...
CloudBees Jenkins CI and Jenkins LTS redirection vulnerability
CloudBees Jenkins CI (formerly known as Hudson Labs) is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks. LTS (Long-Term Support) is a long-supported version of CloudBees Jenkins CI is a...
Local File Disclosure
SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML without a $basedir will not import images with relative URLs, and relative...
PYSEC-2014-4
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL...
[XSSless] An automated XSS payload generator written in Python
An automated XSS payload generator written in Python. Usage 1. Record requests with Burp proxy 2. Select requests you want to generate, then right click and select "Save items" 3. Use xssless to generate your payload: ./xssless.py burpexportfile 4. Pwn! A more detailed tutorial can be found here...