Lucene search
K

34 matches found

Cvelist
Cvelist
added 2025/02/10 10:5 p.m.10 views

CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

6.9CVSS0.00418EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/10 10:5 p.m.5 views

CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

6.9CVSS6.1AI score0.00418EPSS
Exploits0References2
CVE
CVE
added 2025/02/10 10:5 p.m.52 views

CVE-2025-25189

CVE-2025-25189 describes a reflected cross-site scripting vulnerability in the ZOO-Project Web Processing Service (WPS) publish.py CGI script, prior to commit 7a5ae1a. The issue stems from the script reflecting the user-supplied jobid parameter into the HTML response without HTML encoding or sani...

6.9CVSS5.9AI score0.00418EPSS
Exploits0References2
OSV
OSV
added 2025/02/10 10:5 p.m.7 views

CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

6.9CVSS6.2AI score0.00418EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.5 views

ZOO-Project 跨站脚本漏洞

ZOO-Project is an open source processing platform from ZOO-Project Open Source. A cross-site scripting vulnerability exists in ZOO-Project that stems from the EchoProcess service failing to perform proper security checks on SVG content when processing user input...

6.9CVSS5.9AI score0.00511EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/02/10 12:0 a.m.3 views

PT-2025-6112 · Unknown · Zoo-Project

Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The issue is related to a reflected Cross-Site Scripting vulnerability in the ZOO-Project Web Processing Service WPS publish.py CGI script. This vulnerability occurs because the script...

6.9CVSS6.5AI score0.00418EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.1 views

ZOO-Project 跨站脚本漏洞

ZOO-Project is an open source processing platform from ZOO-Project Open Source. ZOO-Project suffers from a cross-site scripting vulnerability that stems from the publish.py CGI script reflecting user input for the jobid parameter directly into the HTTP response without HTML coding or cleanup...

6.9CVSS5.9AI score0.00418EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/02/10 12:0 a.m.5 views

PT-2025-6113 · Unknown · Zoo-Project

Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The ZOO-Project Web Processing Service WPS Server contains a Cross-Site Scripting XSS vulnerability in its EchoProcess service. The vulnerability exists because the EchoProcess service...

6.9CVSS5.9AI score0.00511EPSS
Exploits0References9
NVD
NVD
added 2024/12/04 11:15 p.m.12 views

CVE-2024-53982

ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...

8.7CVSS0.0046EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/04 10:20 p.m.10 views

CVE-2024-53982 Arbitrary file download in Zoo-Project Echo Example

ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...

8.7CVSS6.8AI score0.0046EPSS
Exploits0References2
CVE
CVE
added 2024/12/04 10:20 p.m.58 views

CVE-2024-53982

CVE-2024-53982 affects the Zoo-Project WPS implementation, specifically the Echo example. The vulnerability arises from lack of input validation in a file-caching parameter, enabling an attacker to fully control the file returned in the response (path traversal). A patch was committed on 2024-11-...

8.7CVSS6.4AI score0.0046EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/04 10:20 p.m.19 views

CVE-2024-53982 Arbitrary file download in Zoo-Project Echo Example

ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...

8.7CVSS0.0046EPSS
Exploits0References2
OSV
OSV
added 2024/12/04 10:20 p.m.7 views

CVE-2024-53982 Arbitrary file download in Zoo-Project Echo Example

ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...

8.7CVSS6.8AI score0.0046EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.4 views

ZOO-Project 代码问题漏洞

ZOO-Project is an open source processing platform from ZOO-Project Open Source. A code issue vulnerability exists in ZOO-Project that stems from not performing input validation and a path traversal vulnerability that allows an attacker to take full control of the files returned in a response...

8.7CVSS6.9AI score0.0046EPSS
Exploits0References2
Rows per page
Query Builder