Lucene search

98 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-1815

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.00422
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-7541

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00168
Exploits: 1 | References: 3

CNNVD
added 2025/09/25 12:0 a.m. | 1 views

get-header-ip code injection vulnerability

get-header-ip is an interface for Yige Personal Developer to get client IP address. A code injection vulnerability exists in get-header-ip 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15 and earlier versions, which stems from incorrect manipulation of the callback parameter of the function ip in the fil...

CVSS 5.1 | AI score 4.7 | EPSS 0.00029
Exploits: 0 | References: 4

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2013-7342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web...

CVSS 4.3 | AI score 5.6 | EPSS 0.00318
Exploits: 1 | References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2013-7343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web...

CVSS 4.3 | AI score 5.7 | EPSS 0.00318
Exploits: 2 | References: 2

Tenable Nessus
added 2025/08/12 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-3697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an...

CVSS 7.5 | AI score 6.8 | EPSS 0.00228
Exploits: 0 | References: 2

CNNVD
added 2025/06/03 12:0 a.m. | 1 views

WordPress plugin Ninja Tables code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Ninja Tables plugin has a code issue vulnerability, which stems from deserialization of untrusted input in the argscallback parameter; an attacker can use thi...

CVSS 5.6 | AI score 7.5 | EPSS 0.00464
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 12:37 a.m. | 6 views

CVE-2022-40002

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the callback parameter to /cms/notify...

CVSS 5.4 | AI score 6.1 | EPSS 0.00168
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:42 p.m. | 2 views

CVE-2021-39412

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) serverside/scripts/idjsonp.php, (b) serverside/scripts/jsonp.php, and (c) scripts/objectsjsonp.php, the (2) value parameter in examplessupport/editableajax.php, and the (3) PHPSELF...

CVSS 6.1 | AI score 6.4 | EPSS 0.0024
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:39 p.m. | 10 views

CVE-2021-36760

In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code wi...

CVSS 6.1 | AI score 6.3 | EPSS 0.00668
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:49 p.m. | 4 views

CVE-2020-21643

Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop...

CVSS 6.1 | AI score 6.1 | EPSS 0.00218
Exploits: 1

RedhatCVE
added 2025/05/22 6:33 a.m. | 4 views

CVE-2018-13865

An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism...

CVSS 6.1 | AI score 6.1 | EPSS 0.0024
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 2:10 a.m. | 9 views

CVE-2012-4283

Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter...

CVSS 4.3 | AI score 6 | EPSS 0.00403
Exploits: 1 | References: 1

BDU FSTEC
added 2025/02/25 12:0 a.m. | 1 views

The vulnerability of the sub_452A4() function in the Tenda AC6 router’s microprogramming system, which allows a hacker to cause a service failure.

The vulnerability of the sub_452A4() function in the Tenda AC6 router’s microprogramming system is related to the operation of writing data outside the buffer in memory when processing the callback parameter. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 6.5 | AI score 5.7 | EPSS 0.00143
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/02/24 10:16 p.m. | 9 views

CVE-2025-27143 Better Auth has an Open Redirect via Scheme-Less Callback Parameter

Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...

CVSS 6.9 | AI score 6.5 | EPSS 0.00205
Exploits: 0 | References: 5

CNVD
added 2024/07/23 12:0 a.m. | 3 views

RockOA cross-site scripting vulnerability (CNVD-2024-33675)

RockOA Xinhuo is an open source office OA system. A cross-site scripting vulnerability exists in RockOA 2.6.3, which originates from a callback parameter in the /webmain/public/upload/tplupload.html file containing cross-site scripting. No details of the vulnerability are available at this time...

CVSS 6.1 | AI score 6 | EPSS 0.00165
Exploits: 1 | References: 1

Positive Technologies
added 2024/07/21 12:0 a.m. | 2 views

PT-2024-37977 · Unknown · Xinhu Rockoa

Name of the Vulnerable Software and Affected Versions: Xinhu RockOA version 2.6.3 Description: A vulnerability was found in the function okla of the file /webmain/public/upload/tpl upload.html. The manipulation of the argument callback leads to cross site scripting. The attack may be launched...

CVSS 6.1 | AI score 4.3 | EPSS 0.00165
Exploits: 1 | References: 8

CNNVD
added 2024/07/21 12:0 a.m. | 3 views

RockOA cross-site scripting vulnerability

RockOA Xinhuo is an open source office OA system. A cross-site scripting vulnerability exists in RockOA 2.6.3, which originates from a callback parameter in the /webmain/public/upload/tplupload.html file containing cross-site scripting. No details of the vulnerability are available at this time...

CVSS 6.1 | AI score 6 | EPSS 0.00165
Exploits: 1 | References: 5

NVD
added 2024/05/21 1:15 p.m. | 10 views

CVE-2024-35180

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...

CVSS 6.1 | AI score 6.2 | EPSS 0.00422
Exploits: 0 | References: 2

OSV
added 2024/05/21 12:33 p.m. | 9 views

CVE-2024-35180 OMERO.web JSONP callback vulnerability

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...

CVSS 6.1 | AI score 6.2 | EPSS 0.00422
Exploits: 0 | References: 4