160 matches found
CVE-2022-4145 Content spoofing
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation...
Arbitrary Text Injection
Kiali is vulnerable to content spoofing. The vulnerability is due to implement proper error handling when a page or endpoint being accessed is not found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed...
GHSA-6F4M-J56W-55C3 Kiali content spoofing vulnerability
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
Kiali content spoofing vulnerability
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
CVE-2022-3962
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
CVE-2022-3962
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
CVE-2022-3962
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
Spoofing
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
CVE-2022-3962
CVE-2022-3962 affects Kiali and is described as a content spoofing vulnerability. The issue arises because Kiali does not implement proper error handling when the target page or endpoint cannot be found, permitting an attacker to inject arbitrary text via error responses retrieved from the URL. T...
CVE-2022-3962 Kiali: error message spoofing in kiali ui
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
PT-2023-13726 · Kiali · Kiali
Name of the Vulnerable Software and Affected Versions: Kiali affected versions not specified Description: A content spoofing issue was found in Kiali, where it does not implement error handling when the page or endpoint being accessed cannot be found. This allows an attacker to perform arbitrary...
SUSE-SU-2023:0707-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2023-24329: Fixed blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. Update to 3.9.16: - python -m http.server no longer allows terminal control characters sent within a...
CVE-2022-3962
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
CVE-2022-4145
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation...
PT-2022-22029 · Ibm · Ibm Cics Tx Standard +1
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard and Advanced version 11.1 Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Th...
Moodle Does Not Escape Characters In Email Headers
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam...
PT-2022-16720 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0p19 and earlier Description: The issue concerns a Cross Site Scripting XSS vulnerability. It occurs when creating or editing a user attribute, where the Help Text is subject to HTML injection. This can be triggered when...
Omise: Host Header Injection leads to Open Redirect and Content Spoofing or Text Injection.
Summary: 1. Open Redirection The https://dashboard.omise.co/test/dashboard website is vulnerable to an Open Redirection flaw if the server receives a crafted X-Forwarded-Host header. Description: Open Redirect is a vulnerability in which the attacker manipulates a web page to redirect the users t...
Krisp: Error Page Content Spoofing or Text Injection
Summary: Error Page Content Spoofing or Text Injection in two urls Target: https://download.prelive.krisp.ai/ Target:https://upld.prelive.krisp.ai/ Description: Content spoofing, also referred to as content injection, "arbitrary text injection" or virtual defacement, is an attack targeting a user...
Judge.me : Error Page Content Spoofing or Text Injection
Content spoofing, also referred to as content injection, "arbitrary text injection" or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply conten...