282 matches found

OSV
added 2022/12/12 2:15 p.m. · 13 views

CVE-2022-4421

A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possibl...

6.1 CVSS · 6.3 AI score
Exploits 0 · References 2
Prion
added 2022/12/12 2:15 p.m. · 11 views

Cross site scripting

A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possibl...

5.8 CVSS · 6.1 AI score · 0.00409 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/12/12 12:0 a.m. · 13 views

CVE-2022-4421 rAthena FluxCP Service Desk Image URL view.php cross site scripting

A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possibl...

3.5 CVSS · 6.3 AI score · 0.00409 EPSS
Exploits 0 · References 2
CVE
added 2022/12/12 12:0 a.m. · 61 views

CVE-2022-4421

CVE-2022-4421 affects rAthena FluxCP, specifically the Service Desk Image URL Handler in themes/default/servicedesk/view.php. The vulnerability arises from manipulating the sslink parameter, enabling cross-site scripting. It is exploitable remotely. A patch exists (named 8a39b2b2bf28353b3503ff142...

6.1 CVSS · 4.9 AI score · 0.00409 EPSS
Exploits 0 · References 2 · Affected Software 1
Veracode
added 2022/11/14 6:56 a.m. · 18 views

Cross-site Scripting (XSS)

nukeviet/nukeviet is vulnerable to cross-site scripting. The vulnerability exists in Request.php due to incorrectly neutralized user-controllable inputs, which allows an attacker to inject and execute malicious JavaScript through the Data URL Handler...

6.1 CVSS · 6.1 AI score · 0.00502 EPSS
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/11/13 12:0 p.m. · 15 views

NukeView CMS vulnerable to Cross-site Scripting

NukeView CMS has been found to be vulnerable to Cross-site Scripting. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may...

6.1 CVSS · 5.9 AI score · 0.00502 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/11/13 12:0 p.m. · 30 views

GHSA-X45F-J34V-75XM NukeView CMS vulnerable to Cross-site Scripting

NukeView CMS has been found to be vulnerable to Cross-site Scripting. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may...

6.1 CVSS · 4.6 AI score · 0.00502 EPSS
Exploits 0 · References 4
NVD
added 2022/11/13 10:15 a.m. · 10 views

CVE-2022-3975

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

6.1 CVSS · 0.00502 EPSS
Exploits 0 · References 3
OSV
added 2022/11/13 10:15 a.m. · 14 views

CVE-2022-3975

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

6.1 CVSS · 6 AI score
Exploits 0 · References 3
Prion
added 2022/11/13 10:15 a.m. · 11 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

5.8 CVSS · 6 AI score · 0.00502 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2022/11/13 12:0 a.m. · 20 views

CVE-2022-3975 NukeViet CMS Data URL Request.php filterAttr cross site scripting

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

3.5 CVSS · 6.2 AI score · 0.00502 EPSS
Exploits 0 · References 3
CNNVD
added 2022/11/13 12:0 a.m. · 2 views

Vinades NukeViet Security Vulnerability

Vinades NukeViet is an open source Content Management System CMS from Vinades Vietnam. A security vulnerability exists in Vinades NukeViet CMS, which originates from an affected filterAttr function in the vendor/vinades/nukeviet/Core/Request.php file of the Data URL Handler component, where...

6.1 CVSS · 5.8 AI score · 0.00502 EPSS
Exploits 0 · References 4
Vulnrichment
added 2022/11/13 12:0 a.m. · 9 views

CVE-2022-3975 NukeViet CMS Data URL Request.php filterAttr cross site scripting

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

3.5 CVSS · 4.7 AI score · 0.00502 EPSS
Exploits 0 · References 3
OSV
added 2022/10/27 5:15 p.m. · 3 views

CVE-2022-40183

An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting XSS in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user...

4.7 CVSS · 5.4 AI score · 0.00306 EPSS
Exploits 0 · References 1
NVD
added 2022/10/27 5:15 p.m. · 22 views

CVE-2022-40183

An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting XSS in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user...

5.8 CVSS · 0.00306 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/10/27 12:0 a.m. · 4 views

PT-2022-25264 · Unknown · Videojet Multi 4000

Name of the Vulnerable Software and Affected Versions: VIDEOJET multi 4000 (affected versions not specified). Description: An error in the URL handler may lead to a reflected cross site scripting XSS in the web-based interface. An attacker with knowledge of the encoder address can send a crafted lin...

5.8 CVSS · 4.6 AI score · 0.00306 EPSS
Exploits 0 · References 3
CVE
added 2022/10/27 12:0 a.m. · 50 views

CVE-2022-40183

CVE-2022-40183 affects Bosch VIDEOJET multi 4000: a vulnerability in the encoder’s URL handler enables reflected XSS in the web interface. An attacker who knows the encoder’s address can send a crafted link to a user, causing JavaScript to run in the user’s context. The issue is documented across...

5.8 CVSS · 4.8 AI score · 0.00306 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/10/27 12:0 a.m. · 25 views

CVE-2022-40183 Reflected Cross Site Scripting (XSS) in VIDEOJET multi 4000

An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting XSS in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user...

5.8 CVSS · 5.6 AI score · 0.00306 EPSS
Exploits 0 · References 1
Fedora
added 2022/07/04 1:35 a.m. · 21 views

[SECURITY] Fedora 36 Update: golang-github-bobesa-domain-util-0-0.6.20200504git4033b5f.fc36

Handler for URL parts and identification of TLD and sub domains...

9.3 CVSS · 8.2 AI score · 0.05994 EPSS
Exploits 4
Github Security Blog
added 2021/10/22 4:20 p.m. · 40 views

Arbitrary command execution on Windows via qutebrowserurl: URL handler

Impact: Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers it as a handler for certain URL schemes. With some applications such as Outlook Desktop, opening a specially crafted URL can lead to argument injection, allowing execution of qutebrowser commands, which in tu...

8.8 CVSS · 2.1 AI score · 0.01448 EPSS
Exploits 0 · References 5 · Affected Software 1