3 matches found
CVE-2024-25637
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
PT-2021-23348 · Gradle · Gradle Enterprise
Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2021.1.3 Description: The issue allows unauthorized viewing of a response, which may disclose sensitive build or configuration details, via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request...
mod_auth_mellon security and bug fix update
0.14.0-11 - Resolves: rhbz1731053 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft rhel-8 0.14.0-10 - Resolves: rhbz1761774 - mod_auth_mellon fix for AJAX header name X-Requested-With...