7 matches found
CVE-2026-7184 Mattermost Remote Cluster PATCH API Leaks Authentication Tokens
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the managesecureconnections permission to obtain remote cluster authentication tokens via a PATCH request to the...
PT-2026-46114
Name of the Vulnerable Software and Affected Versions Anti-Spam by CleanTalk versions 0.0.0 through 9.7.1 Description Reflected Cross-site Scripting XSS occurs when the module fails to sufficiently sanitize API response messages before rendering them in HTML output. Specifically, the cleantalk di...
MiracleLinux 7 : ruby-2.0.0.648-33.0.1.el7.AXS7 (AXSA:2018-2583:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2583:01 advisory. It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploi...
CVE-2023-39150
ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387...
CVE-2024-48648
A Reflected Cross-Site Scripting XSS vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding...
UBUNTU-CVE-2020-8227
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...
e-Courier CMS Cross Site Scripting
Vendor: e-Courier http://www.ecouriersoftware.com/ Product: CMS Tracking Site Issue: Cross-Site Scripting. Description: Nearly all pages include the URI Parameter UserGUID, which is not sanitized before being included in the response. Example:...