35 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...
CLSA-2026-1775033648 postgresql-jdbc: Fix of CVE-2022-21724
CVE-2022-21724: ensure arbitrary classes can't be passed instead of SocketFactory, SSLSocketFactory, CallbackHandler, HostnameVerifier - Restore testing from previous spec versions, exclude broken tests...
CVE-2026-4186
CVE-2026-4186 affects UEditor (up to version 1.4.3.2), specifically the JSONP Callback Handler’s php/controller.php?action=uploadimage path. Root cause is manipulation of the callback argument, enabling cross-site scripting. Impact is disclosed as a remote, user-interaction-requiring XSS with no ...
PT-2026-25560
A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2026-2709
A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. T...
CVE-2026-2709
Summary: CVE-2026-2709 affects Busy bundled up to 2.5.5, in Callback Handler (source-code/busy-master/src/server/app.js). Manipulating the argument state can cause an open redirect; the attack is remote and an exploit has been published. The project was informed via issue report but has not respo...
CVE-2026-2709 busy Callback app.js redirect
A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. T...
PT-2026-20646
A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulation of the argument state can lead to open redirect. It is possible to launch the attack remotely. T...
CVE-2026-2592
The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5.0.16. This is due to the payment callback handler 'ReturnfromZarinPalGateway' failing to validate that the authority token provided in...
EUVD-2025-205520
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2025-15144
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2025-15144 dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg cross site scripting
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2022-50726 net/mlx5: Fix possible use-after-free in async command interface
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix possible use-after-free in async command interface. mlx5_cmd_cleanup_async_ctx should return only after all its callback handlers were completed. Before this patch, the below race between mlx5_cmd_cleanup_async_ctx and...
PT-2025-45470
Name of the Vulnerable Software and Affected Versions: Onlook web application version 0.2.32. Description: An Open Redirect issue exists in the OAuth callback handler located in the file onlook/apps/web/client/src/app/auth/callback/route.ts. The application improperly validates the X-Forwarded-Host...
CVE-2022-50476
The CVE-2022-50476 issue concerns ntb_netdev in the Linux kernel where TX/RX callback handlers can run in interrupt context via the DMA framework. The root cause was calling the interrupt-unsafe dev_kfree_skb() from ntb_netdev_tx_handler() and ntb_netdev_rx_handler(); the fix uses the interrupt-c...
CVE-2024-0626
The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid...
SUSE CVE-2024-38622
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call. In dpu_core_irq_callback_handler, the callback function pointer is compared to NULL, but then the callback function is unconditionally called by this pointer. Fix this bug by...