5 matches found
GHSA-GWVM-45GX-3CF8 Authorization Header forwarded on redirect
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...
urllib3 Input Validation Error Vulnerability
urllib3 is a Python HTTP library. It features thread-safe connection pooling, file publishing support, and more. A security vulnerability exists in urllib3 versions prior to 1.24.2, which stems from a vulnerability that allows an attacker to obtain credentials in an authorization header or transm...
PT-2023-23121 · Unknown · Backdrop CMS
Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions prior to 1.24.2. Description: A stored Cross-site scripting (XSS) issue in Text Editors and Formats allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content...
MediaWiki Denial of Service Vulnerability (CNVD-2015-02420)
MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki version 1.24.x before 1.24.2. When the program uses the PBKDF2 algorithm to generate hashed passwords, a remote attacker can exploit the vulnerability to cause a denial of service (CPU consumption) with the help of extra-long...
DEBIAN-CVE-2015-2932
Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...