16 matches found
EUVD-2026-38634
FlatPress versions prior to commit 10be83c contain a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields ...
CVE-2019-25586
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...
CVE-2026-25673
A flaw was found in Django. A remote attacker can exploit a vulnerability in the URLField.to_python function, specifically when Django is running on the Windows platform. This function, which utilizes urllib.parse.urlsplit, performs a disproportionately slow normalization process for certain Unico...
CVE-2026-25673
An issue was discovered in Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.to_python in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
CVE-2026-25673 Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows
An issue was discovered in Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.to_python in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
SolarWinds Observability Self-Hosted Cross-Site Scripting Vulnerability
SolarWinds Observability Self-Hosted is an observability platform from SolarWinds, Inc. A cross-site scripting vulnerability exists in SolarWinds Observability Self-Hosted, stemming from a user-created URL field, that could lead to an attack by a...
go-git: argument injection via the URL field
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...
UBUNTU-CVE-2023-32721
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL...
D-Link DIR-823G Security Vulnerability
The D-Link DIR-823G is a home dual-band Gigabit wireless router with second-generation 802.11ac Wi-Fi5 technology designed for medium- to high-speed broadband networks. The D-Link DIR-823G suffers from a buffer overflow vulnerability in the URL fiel...
PT-2023-17407 · WordPress · Pretty Url
Name of the Vulnerable Software and Affected Versions: Pretty Url WordPress plugin versions 1.5.4 and earlier Description: The issue arises from the plugin's failure to sanitize and escape the URL field in its settings, potentially allowing high-privilege users to perform Stored Cross-Site...
PT-2023-6100 · Zabbix +4 · Zabbix +4
Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: A stored XSS issue has been identified in the Zabbix web application, specifically in the Maps element. This occurs when a URL field is set with spaces before the URL. The vulnerability is...
PT-2023-3481 · D Link · D-Link Dir-823G
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G firmware version 1.02B05 Description: The issue is related to a buffer overflow in the implementation of the HNAP1 protocol in the D-Link DIR-823G router's firmware. This occurs when processing the SetParentsControlInfo...
SUSE CVE-2019-13068
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links via the Title or url field...
CVE-2020-9338
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field...
Horde Groupware Cross-Site Scripting Vulnerability (CNVD-2017-37741)
Horde Groupware is an enterprise browser based on the Communication Suite from Horde USA. The browser supports sending and receiving e-mail, managing and sharing calendars, contacts and tasks, and more. A cross-site scripting vulnerability exists in Horde Groupware version 5.2.19. A remote attack...
DEBIAN-CVE-2009-3695
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...