Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34490)
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "name" parameter...
GHSA-86WM-RRJM-8WH8 Buffer not correctly recycled in Gzip Request inflation
Impact: If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see...
GHSA-58W4-W77W-QV3W Reflected XSS with parameters in PostComment
Impact: An attacker could inject malicious web code into the users' web browsers by creating a malicious link. Patches: The problem is fixed in 4.2.0. References: Cross-site Scripting (XSS) - Reflected, CWE-79...
Prototype Pollution
json-logic-js is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as `__proto__`, `constructor` and `prototype`...
Git Plugin Stored XSS Injection Vulnerability
Git is a free, open source distributed version control system. The Git Plugin suffers from a stored XSS injection vulnerability, which allows an attacker to conduct an XSS attack on the corresponding program to obtain other information on a system or file...
CVE-2018-19015
An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor Versions 3.42 and prior through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application...
Insufficient URI encoding in restforce
A flaw in how restforce constructs URLs may allow an attacker to inject additional parameters into Salesforce API requests. Impact: This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods...
Joomla! Component Calendar Planner 1.0.1 - SQL Injection
Exploit Title: Joomla! Component Calendar Planner 1.0.1 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://joomlathat.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/calendar-planner/ Demo: http://demo.joomlathat.com/ Version: 1.0.1...
MySQL Eventum index.php email Parameter XSS
The MySQL Eventum install hosted on the remote web server is vulnerable to a cross-site scripting attack because it fails to sanitize user-supplied input to the 'email' parameter of the 'index.php' script before using it to generate dynamic HTML output. With a specially crafted URL, an attacker c...
CVE-2004-1202
Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2004-1059
Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2.26 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) next and (2) prev result search pages, and the (3) extended and (4) simple search forms...