SUSE CVE-2008-4195

Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script...

SUSE CVE-2011-1464

Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service application crash via a small numerical value in the argument...

SUSE CVE-2013-7226

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer...

SUSE CVE-2015-6837

The xslextfunctionphp function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking,...

SUSE CVE-2016-10162

The phpwddxpopelement function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a...

CVE-2023-24322

A reflected cross-site scripting XSS vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters...

PT-2023-13985 · Re Logic · Reqlogic

Name of the Vulnerable Software and Affected Versions: ReQlogic version 11.3 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. This enables the execution of malicious code on the web...

CVE-2022-46438

The CVE-2022-46438 vulnerability affects DouPHP v1.7 (build 20221118) in the /admin/article_category.php component. It enables cross-site scripting (XSS) by injecting a crafted payload into the description parameter of the affected function, allowing execution of arbitrary web scripts/HTML in a u...

SUSE: Security Advisory (SUSE-SU-2023:0076-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHP 安全漏洞

PHP is a scripting language in which PHP is executed server-side. PHP has a security vulnerability. An attacker exploiting the vulnerability can read or change data...

SUSE: Security Advisory (SUSE-SU-2022:4254-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cross site scripting

Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the booktitle parameter...

SUSE: Security Advisory (SUSE-SU-2022:4069-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-34316

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452...

CVE-2022-34316

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452...

CVE-2022-34316 IBM CICS TX information disclosure

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452...

CVE-2022-34316 IBM CICS TX information disclosure

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452...

CVE-2022-34316

CVE-2022-34316 affects IBM CICS TX 11.1, where HTTP headers may not neutralize or may incorrectly neutralize web scripting syntax, potentially enabling abuse by components that process raw headers. Public details in IBM bulletins confirm the issue and cite IBM X-Force ID 229452. CVSS metrics plac...

SUSE: Security Advisory (SUSE-SU-2022:3957-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2022-22125 · Ibm · Ibm Cics Tx

Name of the Vulnerable Software and Affected Versions: IBM CICS TX version 11.1 Description: The issue concerns the failure to properly neutralize web scripting syntax in HTTP headers, which can be processed by web browser components. Recommendations: For IBM CICS TX version 11.1, update to a...