25 matches found
CVE-2020-11944
Abe aka bitcoin-abe through 0.7.2, and 0.8pre, allows XSS in call in abe.py because the PATHINFO environment variable is mishandled during a PageNotFound exception...
Cross site scripting
Abe aka bitcoin-abe through 0.7.2, and 0.8pre, allows XSS in call in abe.py because the PATHINFO environment variable is mishandled during a PageNotFound exception...
CVE-2020-11944
Abe aka bitcoin-abe through 0.7.2, and 0.8pre, allows XSS in call in abe.py because the PATHINFO environment variable is mishandled during a PageNotFound exception...
CVE-2020-11944
CVE-2020-11944 affects Abe (bitcoin-abe) up to versions 0.7.2 and 0.8pre, where an XSS flaw exists in abe.py__call__ caused by mishandling PATH_INFO during a PageNotFound exception. The issue is triggered via client-supplied data and could enable script execution in the browser of an unsuspecting...
IBM Websphere Application Server 7.0.0.13 - Cross-Site Request Forgery
IBM Websphere Application Server 7.0.0.13 - Cross-Site Request Forgery -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ IBM WebSphere Application Server Cross-Site Request Forgery 1. Advisory Information Title: IBM...