19 matches found
EUVD-2026-10441
Due to insufficient validation of user-controlled input in the URL's query parameter, SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which, upon user interaction, could result in a DOM-based Cross-Site Scripting (XSS) vulnerability. This issue ha...
EUVD-2024-16754
Malicious code in bioql PyPI...
CVE-2023-21481
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information...
CVE-2023-21481
The CVE-2023-21481 entry concerns Samsung Account before version 14.1.0.0, where improper URL input validation could allow remote attackers to obtain sensitive information. Affected software: Samsung Account application (pre-14.1.0.0). Root cause: improper URL input validation. Impact: confidenti...
Cross-site Scripting (XSS)
getkirby/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient validation and sanitization of the URL input, allowing attackers to execute arbitrary JavaScript code in the user's context by embedding a malicious javascript: URL in the link target of a link button...
CVE-2024-26148
CVE-2024-26148 affects Querybook prior to v3.31.1, where the rich text editor accepts arbitrary URLs without validation, enabling the use of the javascript: protocol and potentially triggering client-side execution. The most severe impact could allow an admin to be compromised via a crafted XSS U...
CVE-2023-1977 Booking Manager < 2.0.29 - Subscriber+ SSRF
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network...
Internet Bug Bounty: Open Redirect Vulnerability in Action Pack
An open redirect vulnerability was discovered in Action Pack, specifically in the redirect_to helper function. This vulnerability allowed an attacker to craft a URL that could bypass the protection against open redirects introduced in Rails 7.0. The vulnerability was fixed i...
CVE-2021-1500 Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit th...
CVE-2020-17385
Cellopoint CelloOS v4.1.10 Build 20190922 does not properly validate URL input, which allows an unauthorized user to launch a path traversal attack and access arbitrary files on the system...
CVE-2020-17386
Cellopoint CelloOS v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of an authenticated user, attackers can tamper with the URL parameter and access arbitrary files on the system...
CVE-2020-17384
Cellopoint CelloOS v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary commands to manipulate the system...
Path traversal
Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input, which allows an unauthorized user to launch a path traversal attack and access arbitrary files on the system...
Information disclosure
Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary commands to manipulate the system...
PT-2020-14936 · Cellopoint · Cellopoint Cellos
Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue allows unauthorized users to launch a Path Traversal attack due to improper validation of URL input, enabling access to arbitrary files on the system. Recommendations: For...
PT-2020-14935 · Cellopoint · Cellopoint Cellos
Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue arises from improper validation of URL input. An attacker can exploit this by injecting and remotely executing arbitrary commands to manipulate the system, provided they...
PT-2020-14937 · Cellopoint · Cellopoint Cellos
Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue concerns improper validation of URL input. An attacker can manipulate the URL parameter using the cookie of an authenticated user to access arbitrary files on the system...
CVE-2020-7008
CVE-2020-7008 affects VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module. A path traversal vulnerability lets an attacker supply unverified URL input to read arbitrary local files. Red Hat and CVE records confirm the issue and ICS/CISA advisories reference the same affected products. Mitigat...
Kodi Local File Inclusion Vulnerability
Kodi (formerly XBMC) is a free and open source media player software application developed by the XBMC Foundation. Chorus is the web interface used to control and interact with Kodi. Kodi suffers from a local file inclusion vulnerability that stems from insufficient validation of user input performe...