18 matches found
PT-2025-34773 · Unknown · SelectZero Data Observability Platform
Name of the Vulnerable Software and Affected Versions: SelectZero Data Observability Platform versions prior to 2025.5.2 Description: Improper sanitization of unspecified parameters allows attackers to inject arbitrary text or limited HTML into the login page. Recommendations: Update SelectZero...
CVE-2021-35451
In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application...
Arbitrary Text Injection
Kiali is vulnerable to content spoofing. The vulnerability is due to a failure to implement proper error handling when a page or endpoint being accessed is not found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed...
Kiali content spoofing vulnerability
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
GHSA-6F4M-J56W-55C3 Kiali content spoofing vulnerability
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
CVE-2022-3962
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
CVE-2022-3962
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
CVE-2022-3962
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
CVE-2022-3962
CVE-2022-3962 affects Kiali and is described as a content spoofing vulnerability. The issue arises because Kiali does not implement proper error handling when the target page or endpoint cannot be found, permitting an attacker to inject arbitrary text via error responses retrieved from the URL. T...
CVE-2022-3962
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being...
Judge.me : Error Page Content Spoofing or Text Injection
Content spoofing, also referred to as content injection, "arbitrary text injection" or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply conten...
Red Hat OpenShift web console resource management error vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. The web console is one of its web-based console programs. A resource management error vulnerability exists in the Red Hat OpenShift web...
CVE-2019-1680
A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious UR...
Input validation
A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious UR...
SUSE-SU-2019:13924-1 Security update for mailman
This update for mailman fixes the following issues: - Fixed an XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc1077358, CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA...
SUSE SLES12 Security Update : mailman (SUSE-SU-2018:4296-1)
This update for mailman fixes the following security vulnerabilities: - Fixed an XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc1077358, CVE-2018-5950) - Fixed a directory traversal...
SUSE-SU-2018:4296-1 Security update for mailman
This update for mailman fixes the following security vulnerabilities: - Fixed an XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc1077358, CVE-2018-5950) - Fixed a directory traversal...
Claroline 1.8.11 Cross Site Scripting
Author: Gerendi Sandor Attila Original Advisory: http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html Date: May 05, 2009 Package: Claroline 1.8.11 Product Homepage: http://www.claroline.net/ Versions Affected: v.1.8.11 Other versions may also be affected Severity: Medium...