8 matches found
CVE-2026-7460
mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML...
FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation
Summary A Reflected Cross-Site Scripting XSS vulnerability exists in the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. Details The fsNick cookie is rendered into the DOM without encoding. While the server does reject the modified...
The vulnerability of the system-mounted module in operating systems such as Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and the enterprise-level server Synology Unified Controller allows a perpetrator to execute arbitrary code.
The vulnerability of the system-mounted modules of the Synology BeeStation Manager BSM, Synology DiskStation Manager DSM, and the corporate-level server Synology Unified Controller lies in the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a remote...
The vulnerability of the distributed Git version control system, related to the lack of mechanisms for encoding or shielding output data, allows a hacker to disclose protected information.
The vulnerability of the distributed Git version control system is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to confidential data...
The vulnerability of the system administration program Sudo, related to the lack of mechanisms for encoding or shielding output data, allows attackers to gain access to confidential information.
The vulnerability of the system administration program Sudo is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
The vulnerability of the software platform for managing administrative policies and privileges, Policykit, is related to the lack of mechanisms for encoding or shielding output data. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the software platform for managing administrative policies and privileges related to Policykit lies in the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity,...
The vulnerability of the “userrights-expiry-current” and “userrights-expiry-none” messages in the MediaWiki software environment, related to a lack of mechanisms for encoding or shielding output data, allows attackers to gain access to confidential information.
The vulnerability of the “userrights-expiry-current” and “userrights-expiry-none” messages in the MediaWiki software, which is used to implement the hypertext environment, is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability could allow a...
FreeBSD : typo -- XSS (67516177-88ec-11e1-9a10-0023ae8e59f0)
Typo Security Team reports : Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages...