Lucene search
K

247 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.5 views

CVE-2023-26847

A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...

5.4CVSS5.6AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:59 a.m.6 views

CVE-2023-1421

A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter...

6.1CVSS6.1AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:22 a.m.20 views

CVE-2019-10315

Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF...

8.8CVSS6.7AI score0.02125EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:33 a.m.8 views

CVE-2019-15150

In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function...

8.8CVSS6.9AI score0.01164EPSS
Exploits0References1
Snyk
Snyk
added 2025/01/16 5:32 p.m.5 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the dynamicoverrideconfig function, which is accessible through the state parameter at th...

5.4CVSS5.3AI score0.30854EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.6 views

PT-2025-4842 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: Librenms versions up to 24.10.1 Description: The issue is a stored XSS that affects the parameter: ajax form.php - param: state. This allows remote attackers to inject malicious scripts, which execute immediately when a user views or interact...

5.4CVSS6.4AI score0.30854EPSS
Exploits1References10
CNVD
CNVD
added 2024/12/30 12:0 a.m.3 views

Complaint Management System /admin/state.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from a lack of sufficient validation of the input of the state parameter in the /admin/state.php file. No details of the vulnerability are available at...

9.8CVSS8.1AI score0.00539EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/12/29 12:0 a.m.4 views

PHPGurukul Complaint Management System 注入漏洞

Complaint Management System is a complaint management system. Complaint Management System suffers from an SQL injection vulnerability that stems from a lack of sufficient validation of the input of the state parameter in the /admin/category.php file. No details of the vulnerability are available ...

9.8CVSS8AI score0.00735EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/12/29 12:0 a.m.4 views

PT-2024-17864 · Unknown · Phpgurukul Complaint Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Complaint Management System. This issue affects an unknown part of the file /admin/category.php. The manipulation of the...

9.8CVSS8.1AI score0.00735EPSS
Exploits1References13
OSV
OSV
added 2024/12/27 2:15 a.m.3 views

CVE-2024-12977

A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

9.8CVSS5.7AI score0.00539EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.3 views

PHPGurukul Complaint Management System 安全漏洞

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from a lack of sufficient validation of the input of the state parameter in the /admin/state.php file. No details of the vulnerability are available at...

9.8CVSS8AI score0.00539EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.4 views

PT-2024-17839 · Unknown · Phpgurukul Complaint Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 1.0 Description: A critical issue has been found in the PHPGurukul Complaint Management System. This issue affects an unknown part of the /admin/state.php file. The manipulation of the state...

9.8CVSS7.2AI score0.00539EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2024/11/13 6:34 p.m.19 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.38 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

10CVSS6.7AI score0.01364EPSS
Exploits2References20
OSV
OSV
added 2024/10/24 9:15 p.m.3 views

DEBIAN-CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

6.1CVSS5.3AI score0.00441EPSS
Exploits1References1
OSV
OSV
added 2024/10/24 9:15 p.m.3 views

UBUNTU-CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS5.8AI score0.00441EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/08/21 6:32 a.m.13 views

Openshift Console insufficient entropy vulnerability

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...

8CVSS7AI score0.00559EPSS
Exploits0References10Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/21 5:45 a.m.13 views

CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...

8CVSS7.1AI score0.00559EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.6 views

PT-2024-37678 · Red Hat · Openshift Console

Name of the Vulnerable Software and Affected Versions: Openshift Console affected versions not specified Description: An insufficient entropy vulnerability was found in the Openshift Console, affecting the authorization code type and implicit grant type of the OAuth2 protocol. This vulnerability...

8CVSS7.9AI score0.00559EPSS
Exploits0References22
CNNVD
CNNVD
added 2024/08/19 12:0 a.m.5 views

Red Hat OpenShift 安全特征问题漏洞

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. A security vulnerability exists in Red Hat OpenShift that stems from the OAuth2 protocol being vulnerable to cross-site request forge...

8CVSS7.7AI score0.00559EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/15 6:48 p.m.54 views

CVE-2024-42476 oauth CSRF vulnerability

In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...

6.5CVSS0.00226EPSS
Exploits0References3
Rows per page
Query Builder