GHSA-4926-QPXG-6R3W Exposure of Resource to Wrong Sphere in Spring Data REST
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...
OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure Vulnerability
OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. Product: OX App Suite Vendor: OX Software GmbH Internal reference: OXUIB-872 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.5 and earlier Vulnerable...
CVE-2021-22047
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...
CVE-2020-18164
SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter...
CVE-2021-26473
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebserviceo.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server...
Tennessee Valley Authority: SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015
Summary: I've found that this subdomain, soa-accp.glbx.tva.gov, is also vulnerable to SQLi through the /api/ path. Steps To Reproduce: https://soa-accp.glbx.tva.gov/api/river/observed-data/GVDA1'+%2f!50000union%2f+SELECT+HOSTNAME--+- hostname dumped...
CVE-2018-16356
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter...
IBM Cloud Automation Manager Redirection Vulnerability
IBM Cloud Automation Manager is a multi-cloud self-service management platform from IBM USA. The platform supports the deployment of cloud infrastructure in multiple clouds. A redirection vulnerability exists in IBM Cloud Automation Manager version 3.1.2. The vulnerability stems from a redirectio...
idreamsoft iCMS Cross-Site Scripting Vulnerability (CNVD-2019-12119)
iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site scripting vulnerability exists in app/search/search.app.php in idreamsoft iCMS 7.0.14, which can be exploited by an attacker via the public/api.php?app=search q parameter...
skia/api_path_measure: Use-of-uninitialized-value in bool set_point_length<false>
Project: https://skia.googlesource.com/skia.git Detailed report: https://oss-fuzz.com/testcase?key=5673676119212032 Project: skia Fuzzer: libFuzzerskiaapipathmeasure Fuzz target binary: apipathmeasure Job Type: libfuzzermsanskia Platform Id: linux Crash Type: Use-of-uninitialized-value Crash...
Kaltura 13.1.0 Code Execution / Cross Site Scripting Vulnerabilities
Exploit for PHP platform in category web applications Advisory: Kaltura - Remote Code Execution and Cross-Site Scripting Release Date: 2017/09/12 Author: Robin Verton CVE: CVE-2017-14141, CVE-2017-14142, CVE-2017-14143 Application: Kaltura = 13.1.0 Risk: Critical Vendor Status:...
RabbitMQ: /api/... XSS vulnerability
A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...
DEBIAN-CVE-2014-9649
Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message...
PT-2015-4325 · Pivotal +1 · Rabbitmq
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 2.1.0 through 3.4.x Description: A cross-site scripting (XSS) issue exists due to improper handling of the path info to "api/" in an error message, allowing remote attackers to inject arbitrary web script or HTML...