19 matches found
CVE-2026-41493
Summary: CVE-2026-41493 affects the Ruby documentation tool YARD, specifically the yard server. Prior to version 0.9.42, a path traversal vulnerability could allow unsanitized HTTP requests to access arbitrary files on the host running yard server under certain conditions. This was fixed in versi...
PT-2025-15386 · Senron · Senron 7Kt Pac1260 Data Manager
Name of the Vulnerable Software and Affected Versions: SENRON 7KT PAC1260 Data Manager All versions Description: A vulnerability has been identified in the web interface of affected devices, where input parameters in specific GET requests are not sanitized. This could allow an authenticated remot...
CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
PT-2022-25271 · Sauter Controls · Sauter Controls Moduweb
Name of the Vulnerable Software and Affected Versions: SAUTER Controls moduWeb firmware version 2.7.1 Description: The web application does not adequately sanitize request strings of malicious JavaScript, allowing an attacker to execute malicious code in users' browsers and steal sensitive...
Remote Code Execution (RCE)
Apache Spark 'master' host is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of user request to the authentication-disabled 'master' host allowing an attacker to execute code via a maliciously crafted request...
The vulnerability of the implementation of the Lightweight Directory Access Protocol (LDAP) in the Cisco Secure Email and Web Manager content protection device, as well as the Cisco Email Security Appliance (ESA) email security system, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Lightweight Directory Access Protocol (LDAP) implementation of the Cisco Secure Email and Web Manager security device, as well as the Cisco Email Security Appliance (ESA) email security system, is related to the lack of proper input sanitization during requests to the externa...
CVE-2020-16978
A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...
CVE-2020-1345
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
CVE-2020-1205
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The...
CVE-2020-1227
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Microsoft SharePoint Spoofing Vulnerability (CNVD-2020-63721)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...
CVE-2020-1573
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
PT-2020-3296 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to insufficient sanitization of web requests, which can lead to cross-site...
CVE-2020-0891
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint...
CVE-2019-1031
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
CVE-2019-1036
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
UBUNTU-CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this fla...
CVE-2017-8745
An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability"...
Jetty 4.1 Servlet Engine - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5821/info Jetty is a freely available, open source Java Web Server and Servlet Container. It is available for Linux, Unix, and Microsoft Windows platforms. It has been reported that Jetty does not properly sanitize requests. This could result in a user...