515 matches found
Cross site scripting
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, does not sufficiently encode URL, which allows an attacker to input malicious JavaScript in the URL which could be executed in the browser, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability...
CVE-2020-26835
SAP NetWeaver AS ABAP (versions 740–754) is affected by a reflected XSS due to insufficient URL encoding, allowing an attacker to inject JavaScript via the URL and execute it in the browser. This is described in CNVD-2021-03703 and PT-2020-16518, which note the root cause as improper URL encoding...
CVE-2020-26835
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, does not sufficiently encode URL, which allows an attacker to input malicious JavaScript in the URL which could be executed in the browser, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability...
SAP NetWeaver AS ABAP cross-site scripting vulnerability
SAP NetWeaver AS ABAP Business Server is an application server for ABAP (Advanced Business Application Programming) from SAP, Germany. A security vulnerability exists in SAP NetWeaver AS ABAP that stems from a failure to adequately encode URLs, allowing an attacker to enter malicious JavaScript in...
Path traversal
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines with URL encoding in ParseRemoteAddr in modules/auth/repoform.go...
PT-2020-17077 · Gitea +1
Name of the Vulnerable Software and Affected Versions: Gitea versions 0.9.99 through 1.12.x before 1.12.6 Description: The issue arises from the failure to prevent a git protocol path that specifies a TCP port number and also contains newlines with URL encoding in ParseRemoteAddr in...
Information Disclosure
semantic-release is vulnerable to information disclosure. Secrets that would normally be masked can be disclosed when they contain characters that become encoded when included in a URL...
CVE-2020-26226
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a U...
Secret disclosure when containing characters that become URI encoded
Impact: Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Patches: Fixed in v17.2.3. Workarounds: Secrets that do not contain characters that become encoded when included in a URL are already...
PT-2020-20862 · Apple · Itunes For Windows +7
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6; iPadOS versions prior to 13.6; tvOS versions prior to 13.4.8; watchOS versions prior to 6.2.8; Safari versions prior to 13.1.2; iTunes for Windows versions prior to 12.10.8; iCloud for Windows versions prior to 11.3 and...
RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack
A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...
openSUSE Security Update : libmediainfo / mediainfo (openSUSE-2020-1390)
This update for libmediainfo, mediainfo fixes the following issues: libmediainfo was updated to version 20.08: Added: - MPEG-H 3D Audio full featured support group presets, switch groups, groups, signal groups - MP4/MOV: support of more metadata locations - JSON and XML outputs: authorize...
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding except in Internet...
Exploit for CVE-2020-13933
CVE-2020-13933 – Test Bed shiro: Permission configuration...
U.S. Dept Of Defense: Reflected XSS in https://www.██████/
Hello Security Team, I would like to report the XSS vulnerability on your system. The i= parameter is not escaped properly for URL encoded values. Steps To Reproduce: Visit the following POC link:...
CVE-2020-12409
When using certain blank characters in a URL, they were incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...
CURL-CVE-2020-8169 Partial password leak over DNS on HTTP redirect
libcurl can be tricked to prepend a part of the password to the hostname before it resolves it, potentially leaking the partial password over the network and to the DNS servers. libcurl can be given a username and password for HTTP authentication when requesting an HTTP resource - used for HTTP...