Lucene search
+L

29 matches found

CNVD
CNVD
added 2022/03/01 12:0 a.m.41 views

karma input validation error vulnerability

karma is a simple tool that allows you to execute JavaScript code in multiple real browsers. karma versions prior to 6.3.16 have a security vulnerability that stems from a lack of validation of returned url query parameters, which could be exploited to perform redirect attacks...

6.1CVSS4.2AI score0.00884EPSS
Exploits0References1
NVD
NVD
added 2022/02/15 5:15 p.m.44 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

5.4CVSS0.00724EPSS
Exploits0References2
Prion
Prion
added 2022/02/15 5:15 p.m.17 views

Authentication flaw

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

4.9CVSS5.3AI score0.00724EPSS
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/10 12:0 a.m.33 views

JVN#68066589: WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting

WordPress Plugin "Booking Package - Appointment Booking Calendar System" provided by Saasproject contains a cross-site scripting vulnerability CWE-79 due to the flaw in handling some URL query parameters. Impact An arbitrary script may be executed on the web browser of the user who is accessing t...

6.1CVSS6AI score0.01243EPSS
Exploits0
CNVD
CNVD
added 2021/03/11 12:0 a.m.11 views

GROWI Cross-Site Scripting Vulnerability (CNVD-2021-19695)

Weseek GROWI is a suite of team collaboration software from Weseek Japan. A reflected cross-site scripting vulnerability exists in GROWI 4.2.0 - 4.2.7. The vulnerability stems from insufficient validation of URL query parameters. An attacker can exploit this vulnerability to execute arbitrary...

6.1CVSS6.4AI score0.00947EPSS
Exploits0References1
OSV
OSV
added 2021/03/10 10:15 a.m.19 views

CVE-2021-20672

Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI v4.2 Series versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.3AI score
Exploits0References2
CNNVD
CNNVD
added 2021/01/13 12:0 a.m.7 views

Cloudbees Jenkins 跨站脚本漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . A cross-site scripting...

6.1CVSS6.2AI score0.01185EPSS
Exploits0References8
CNVD
CNVD
added 2020/06/18 12:0 a.m.8 views

OMERO.web Information Disclosure Vulnerability

OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A security vulnerability exists in OMERO.web versions prior to 5.6.3, which arises when the program passes sensitive data elements, such as a session key, as URL quer...

5.7CVSS6.2AI score0.00803EPSS
Exploits0References1
Prion
Prion
added 2020/06/17 5:15 p.m.16 views

Path traversal

OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...

3.5CVSS5.3AI score0.00803EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder