5 matches found
External Control of Assumed-Immutable Web Parameter
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via the SessionCodeChecks restart flow in the login sessi...
External Control of Assumed-Immutable Web Parameter
Overview Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via the V8 process. An attacker can cause heap corruption by enticing a user to visit a specially crafted HTML page. Remediation Upgrade chromium to version 140.0.7339.207 or higher...
Craft CMS < 4.15.3 / 5.x < 5.7.5 External Control of Assumed-Immutable Web Parameter
The version of Craft CMS installed on the remote host is prior to 4.15.3 or 5.x prior to 5.7.5. It is, therefore, affected by an external control of assumed-immutable web parameter vulnerability: - Craft CMS redirects requests that require authentication to the login page and generates a session...
CVE-2023-24373
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...
External Control of Assumed-Immutable Web Parameter
Overview Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to improper escape of the " character in the generatemultipart function, which allows injecting malicious content to the filename parameter via the Content-Disposition header. PoC...