12 matches found
CVE-2026-1439
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1439
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1439
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1439 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1439
CVE-2026-1439 describes a reflected XSS in the Graylog Web Interface console (version 2.2.3). The root cause is lack of proper sanitization and escaping in HTML output, with several endpoints including URL segments directly in responses without output encoding. Practical impact stated across sour...
CVE-2026-1439 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
PT-2026-20395
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
SUSE CVE-2023-40577
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...
UBUNTU-CVE-2023-40577
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...
PT-2022-26784 · Unknown · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A stored cross-site scripting (XSS) issue in the Users Alerts feature /index.php?module=users alerts/users alerts allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted paylo...
PT-2022-17321 · Cuppacms · Cuppacms
Name of the Vulnerable Software and Affected Versions: CuppaCMS version 1.0 Description: The issue is related to a local file inclusion via the url parameter in the /alerts/alertConfigField.php endpoint. This allows for potential unauthorized access to local files. Recommendations: For CuppaCMS...
PT-2021-17862 · Seo Panel · Seo Panel
Name of the Vulnerable Software and Affected Versions: Seo Panel version 4.8.0 Description: A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript via the "alerts.php" endpoint and the from time parameter. Recommendations: For Seo Panel version 4.8.0, consider disabling...