56 matches found
GitLab 跨站请求伪造漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from a lack of validation...
CVE-2022-26156
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
CVE-2022-26156
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
CVE-2022-26156
CVE-2022-26156 affects Cherwell Service Management (CSM) web application, version 10.2.3. The issue is an injection of a malicious payload into the RelayState= parameter of the HTTP request body, causing form-action hijacking by altering the form submission URL to an attacker-controlled endpoint....
Cherwell Service Management 输入验证错误漏洞
Cherwell Service Management is flexible, feature-rich ITSM software that is easy to use, configure and maintain. An input validation error vulnerability exists in Cherwell Service Management because the product does not validate special characters in data corresponding to the RelayState parameter...
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
Cross site scripting
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
Red Hat JBoss Enterprise Application Platform 7.x < 7.2.2 Multiple Vulnerabilities
The version of Red Hat JBoss Enterprise Application Platform EAP installed on the remote host is 7.x prior to 7.2.2. It is therefore, affected my multiple vulnerabilities as referenced in the RHSA-2019:1424 advisory: - picketlink: reflected XSS in SAMLRequest via RelayState parameter CVE-2019-387...
Cross-site Scripting (XSS)
picketlink is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser through an SAMLRequest via the RelayState parameter...
picketlink: reflected XSS in SAMLRequest via RelayState parameter
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks...
picketlink: reflected XSS in SAMLRequest via RelayState parameter
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks...
picketlink: reflected XSS in SAMLRequest via RelayState parameter
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks...
picketlink: reflected XSS in SAMLRequest via RelayState parameter
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks...
sso.capes.gov.br XSS vulnerability
Open Bug Bounty ID: OBB-621195 Description| Value ---|--- Affected Website:| sso.capes.gov.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2015-1966
CVE-2015-1966 is a cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) and related IBM Security Access Manager for Mobile. It affects TFIM versions 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, allowing a remote attacker to inject arbitrary scrip...