25 matches found
XXL-JOB v2.2.0 — Stored Cross Site Scripting
Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file. id: CVE-2020-23814 info: name: XXL-JOB v2.2.0 — Stored Cross Site Scripting author:...
CVE-2026-27130
Dokploy is a free, self-hostable Platform as a Service PaaS. Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
CVE-2026-27130 Dokploy has Command Injection in its Service Operations
Dokploy is a free, self-hostable Platform as a Service PaaS. Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
CVE-2026-27130 Dokploy has Command Injection in its Service Operations
Dokploy is a free, self-hostable Platform as a Service PaaS. Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...
Dokploy 操作系统命令注入漏洞
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient cleanup of the appName parameter input, lack of pattern validation, and dire...
PT-2026-41737
Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.7 Description OS command injection occurs due to inadequate input sanitization, lack of schema validation, and direct shell interpolation. User-controlled application names are processed by the cleanAppName...
PT-2026-25734
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
CVE-2016-20036 Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
CVE-2016-20036 Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
CVE-2016-20036
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...
EUVD-2021-25003
Malware in sbrugna...
Malicious code in sap-appname (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 248b7983c96f3b6b1d22995cb7f53ccbbab7c08f39c25ea24f10f8922980a0e6 The OpenSSF Package Analysis project identified 'sap-appname' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-7557 Malicious code in sap-appname (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 248b7983c96f3b6b1d22995cb7f53ccbbab7c08f39c25ea24f10f8922980a0e6 The OpenSSF Package Analysis project identified 'sap-appname' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
VulnCheck KEV: CVE-2020-23814
Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file...
GHSA-PQQJ-299W-WF53 xxl-job Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file...
CVE-2022-25188
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...
CVE-2022-25188
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...
Design/Logic Flaw
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx...
Ivanti Service Manager 跨站脚本漏洞
Ivanti Service Manager is a service manager from Ivanti USA, Inc. that helps organizations meet today's regulatory and technical demands for service delivery automation workflows. A cross-site scripting vulnerability exists in Ivanti Service Manager 2021.1 that allows reflection of cross-site...
KB5001412: Setup Dynamic Update for Windows 10, version 2004 and 20H2: April 27, 2021
KB5001412: Setup Dynamic Update for Windows 10, version 2004 and 20H2: April 27, 2021 Summary This update makes improvements to Setup binaries or any files that Setup uses for feature updates in Windows 10, version 2004 and 20H2.This update also addresses an issue in which the user is shown...