4 matches found
Secure Web Gateway 10.2.11 - Cross-Site Scripting Vulnerability
Exploit Title: Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
Product: Secure Web Gateway
Affected Versions: 10.2.11, potentially other versions
Fixed Versions: 10.2.17, 11.2.6, 12.0.1
Vulnerability Type: Cross-Site Scripting
Security Risk: high
Vendor URL:...
Encode OSS Uvicorn Injection Vulnerability
Encode OSS Uvicorn is an ASGI web server from the British company Encode OSS, built on uvloop and httptools. An injection vulnerability exists in Encode OSS Uvicorn versions prior to 0.11.7, which stems from the program's failure to escape CRLF sequences in HTTP headers, and c...
CRLF Injection
net/http and net/url in github.com/golang/go are vulnerable to CRLF injection. They do not prevent HTTP header manipulation with the '\r\n' sequence, allowing a remote attacker to inject arbitrary response headers or body content via the HTTP header...
Response Splitting
HTTP response splitting occurs when untrusted data is inserted into the response headers without any sanitisation. If successful, this allows cyber-criminals to essentially split the HTTP response in two. This is abused by cyber-criminals injecting CR (Carriage Return, \r) and LF (Line Feed, \n)...