Lucene search
+L

160 matches found

Vulnrichment
Vulnrichment
added 2023/10/05 12:34 p.m.18 views

CVE-2022-4145 Content spoofing

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation...

4.3CVSS6.7AI score0.00601EPSS
Exploits0References2
Veracode
Veracode
added 2023/09/27 10:55 a.m.24 views

Arbitrary Text Injection

Kiali is vulnerable to content spoofing. The vulnerability is due to implement proper error handling when a page or endpoint being accessed is not found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed...

4.3CVSS7.3AI score0.00711EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/09/23 9:30 p.m.12 views

GHSA-6F4M-J56W-55C3 Kiali content spoofing vulnerability

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...

4.3CVSS5AI score0.00711EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/09/23 9:30 p.m.23 views

Kiali content spoofing vulnerability

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...

4.3CVSS7.3AI score0.00711EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2023/09/23 8:15 p.m.29 views

CVE-2022-3962

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...

4.3CVSS4.7AI score0.00711EPSS
Exploits0References3
OSV
OSV
added 2023/09/23 8:15 p.m.5 views

CVE-2022-3962

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...

4.3CVSS5.8AI score0.00711EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/09/23 8:15 p.m.3 views

CVE-2022-3962

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...

4.3CVSS5.8AI score0.00711EPSS
Exploits0References4
Prion
Prion
added 2023/09/23 8:15 p.m.16 views

Spoofing

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...

4.3CVSS5.1AI score0.00711EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/09/23 7:0 p.m.114 views

CVE-2022-3962

CVE-2022-3962 affects Kiali and is described as a content spoofing vulnerability. The issue arises because Kiali does not implement proper error handling when the target page or endpoint cannot be found, permitting an attacker to inject arbitrary text via error responses retrieved from the URL. T...

4.3CVSS5.1AI score0.00711EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/09/23 7:0 p.m.38 views

CVE-2022-3962 Kiali: error message spoofing in kiali ui

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...

4.3CVSS5AI score0.00711EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/23 12:0 a.m.5 views

PT-2023-13726 · Kiali · Kiali

Name of the Vulnerable Software and Affected Versions: Kiali affected versions not specified Description: A content spoofing issue was found in Kiali, where it does not implement error handling when the page or endpoint being accessed cannot be found. This allows an attacker to perform arbitrary...

4.3CVSS6.8AI score0.00711EPSS
Exploits0References12
OSV
OSV
added 2023/03/10 1:19 p.m.19 views

SUSE-SU-2023:0707-1 Security update for python39

This update for python39 fixes the following issues: - CVE-2023-24329: Fixed blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. Update to 3.9.16: - python -m http.server no longer allows terminal control characters sent within a...

9.8CVSS8.3AI score0.20459EPSS
Exploits6References7
RedhatCVE
RedhatCVE
added 2022/11/26 10:25 p.m.22 views

CVE-2022-3962

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...

4.3CVSS3AI score0.00711EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/11/26 10:25 p.m.57 views

CVE-2022-4145

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation...

4.3CVSS6.9AI score0.00601EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/07/08 12:0 a.m.4 views

PT-2022-22029 · Ibm · Ibm Cics Tx Standard +1

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard and Advanced version 11.1 Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Th...

5.8CVSS5.4AI score0.01049EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.29 views

Moodle Does Not Escape Characters In Email Headers

In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam...

5.8CVSS7.3AI score0.00804EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/21 12:0 a.m.6 views

PT-2022-16720 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0p19 and earlier Description: The issue concerns a Cross Site Scripting XSS vulnerability. It occurs when creating or editing a user attribute, where the Help Text is subject to HTML injection. This can be triggered when...

6.1CVSS6.6AI score0.00671EPSS
Exploits0References4
Hacker One
Hacker One
added 2022/01/09 9:1 p.m.39 views

Omise: Host Header Injection leads to Open Redirect and Content Spoofing or Text Injection.

Summary: 1. Open Redirection The https://dashboard.omise.co/test/dashboard website is vulnerable to an Open Redirection flaw if the server receives a crafted X-Forwarded-Host header. Description: Open Redirect is a vulnerability in which the attacker manipulates a web page to redirect the users t...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2022/01/08 2:59 p.m.37 views

Krisp: Error Page Content Spoofing or Text Injection

Summary: Error Page Content Spoofing or Text Injection in two urls Target: https://download.prelive.krisp.ai/ Target:https://upld.prelive.krisp.ai/ Description: Content spoofing, also referred to as content injection, "arbitrary text injection" or virtual defacement, is an attack targeting a user...

7.5AI score
Exploits0
Hacker One
Hacker One
added 2021/12/09 2:17 p.m.36 views

Judge.me : Error Page Content Spoofing or Text Injection

Content spoofing, also referred to as content injection, "arbitrary text injection" or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply conten...

0.5AI score
Exploits0
Rows per page
Query Builder