Lucene search

5318 matches found

Prion
added 2023/09/14 12:15 p.m. · 15 views

Cross site scripting

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

6.8 CVSS · 8.5 AI score · 0.00309 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/09/14 12:15 p.m. · 0 views

UBUNTU-CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

8.8 CVSS · 5.8 AI score · 0.00309 EPSS
Exploits 0 · References 5

CVE
added 2023/09/14 11:36 a.m. · 2509 views

CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross‑Site WebSocket Hijacking vulnerability due to missing header validation. This is documented across multiple sources (NVD entry confirms the issue and impact; connected references point to Movim commits related to the vulnerability). Affected comp...

8.8 CVSS · 8.6 AI score · 0.00309 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/09/14 11:36 a.m. · 36 views

CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

8 CVSS · 8.8 AI score · 0.00309 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/09/14 12:0 a.m. · 2 views

PT-2023-21749 · Movim · Movim

Name of the Vulnerable Software and Affected Versions: Movim versions prior to 0.22 Description: The issue is related to a Cross-Site WebSocket Hijacking vulnerability due to missing header validation. Recommendations: For versions prior to 0.22, update to version 0.22 or later to resolve the...

8.8 CVSS · 8.5 AI score · 0.00309 EPSS
Exploits 0 · References 10

CNNVD
added 2023/09/14 12:0 a.m. · 2 views

Movim Access Control Error Vulnerability

Movim is a syndicated blogging and chat platform that acts as a web front end for the XMPP protocol. A security vulnerability exists in Movim versions prior to 0.22Z, which stems from a lack of header validation, leading to a cross-site WebSocket hijacking issue...

8.8 CVSS · 6.6 AI score · 0.00309 EPSS
Exploits 0 · References 4

Citrix
added 2023/09/08 12:0 a.m. · 7 views

SSLVPN error "Websocket connection failed: Connection closed before receiving a handshake responser"

After the VPN tunnel is established to the NetScaler gateway, users encounter access issues to the backend server with the error message: "Websocket connection to 'ws:///ws/notification/site-msg/' failed: Connection closed before receiving a handshake responser"...

7 AI score
Exploits 0

Tenable Nessus
added 2023/09/07 12:0 a.m. · 52 views

Oracle Linux 7 : tomcat (ELSA-2019-2205)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2205 advisory. - Resolves: rhbz1641873 CVE-2018-11784 tomcat: Open redirect in default servlet - Resolves: rhbz1552375 CVE-2018-1304 tomcat: Incorrect handling of emp...

9.8 CVSS · 7.2 AI score · 0.94494 EPSS
Exploits 5 · References 5

Tenable Nessus
added 2023/09/07 12:0 a.m. · 54 views

Oracle Linux 7 : tomcat (ELSA-2020-4004)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4004 advisory. - Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS - Resolves: CVE-2020-9484 tomca...

7.5 CVSS · 7.4 AI score · 0.87553 EPSS
Exploits 16 · References 3

OpenVAS
added 2023/09/02 12:0 a.m. · 25 views

Fedora: Security Advisory for libwebsockets (FEDORA-2023-6a87c003c4)

The remote host is missing an update for the...

7.5 CVSS · 6.5 AI score · 0.01107 EPSS
Exploits 0 · References 2

Fedora
added 2023/09/01 1:30 a.m. · 27 views

[SECURITY] Fedora 38 Update: libwebsockets-4.3.2-5.fc38

This is the libwebsockets C library for lightweight websocket clients and servers...

7.5 CVSS · 6.5 AI score · 0.01107 EPSS
Exploits 0

Citrix
added 2023/09/01 12:0 a.m. · 7 views

HTML5 external users are not able to launch applications via Netscaler Gateway, Workspace works.

Users connecting externally are not able to launch connections with the Light HTML5 browser access but are able to launch with the Workspace App. Error displayed: "Citrix Workspace app cannot connect to the server. Please check your network connection or contact your help desk for assistance."...

7.1 AI score
Exploits 0

BDU FSTEC
added 2023/08/31 12:0 a.m. · 4 views

The vulnerability of the WebSocket component of the cross-platform development framework for Qt software, which allows a hacker to trigger a service failure.

The vulnerability of the WebSocket component of the cross-platform software development framework for Qt is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8 CVSS · 7.2 AI score · 0.02281 EPSS
Exploits 1 · References 6 · Affected Software 4

Veracode
added 2023/08/25 2:28 a.m. · 27 views

Insufficient Session Expiration

github.com/argoproj/argo-cd is vulnerable to Insufficient Session Expiration. The vulnerability exists because web terminal sessions in the library do not expire, which allows an attacker to send websocket messages even if the token has already expired, leading to sensitive information...

7.1 CVSS · 6.4 AI score · 0.00484 EPSS
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2023/08/23 7:12 p.m. · 17 views

CVE-2023-40025 Argo CD web terminal session doesn't expire

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...

4.7 CVSS · 6.3 AI score · 0.00484 EPSS
Exploits 1 · References 2

Cvelist
added 2023/08/23 7:12 p.m. · 32 views

CVE-2023-40025 Argo CD web terminal session doesn't expire

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...

4.7 CVSS · 7 AI score · 0.00484 EPSS
Exploits 1 · References 2

OSV
added 2023/08/23 7:12 p.m. · 30 views

CVE-2023-40025 Argo CD web terminal session doesn't expire

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...

4.7 CVSS · 6.8 AI score · 0.00484 EPSS
Exploits 1 · References 4

Fedora
added 2023/08/17 12:34 a.m. · 32 views

[SECURITY] Fedora 37 Update: python-aiohttp-3.8.5-1.fc37

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

7.5 CVSS · 8 AI score · 0.03906 EPSS
Exploits 1

OpenVAS
added 2023/08/17 12:0 a.m. · 25 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-105880e618)

The remote host is missing an update for the...

7.5 CVSS · 7.8 AI score · 0.03906 EPSS
Exploits 1 · References 2

Citrix
added 2023/08/14 12:0 a.m. · 12 views

How to enable WebSocket on load balancing virtual server

...

7.2 AI score
Exploits 0