27 matches found
CVE-2026-27779
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...
EUVD-2026-41637
Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation...
CVE-2024-23983
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules...
Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...
Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 5814 by...
CVE-2024-45612 Insert tag injection via canonical URL in Contao
Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...
CVE-2024-45612 Insert tag injection via canonical URL in Contao
Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...
CVE-2023-32301 Discourse's canonical url not being used for topic embeddings
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...
SUSE CVE-2013-4558
The getparentresource function in repos.c in moddavsvn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service assertion failure and Apache...
Contao 4.13.2 - Cross-Site Scripting Vulnerability
Exploit Title: Contao 4.13.2 - Cross-Site Scripting XSS Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://contao.org/en/ Software Link: https://github.com/contao/contao/releases/tag/4.13.2 Version: 4.13.2 Tested on: KALI OS CVE : CVE-2022-1588 References: -...
Contao 4.13.2 Cross Site Scripting
Exploit Title: Contao 4.13.2 - Cross-Site Scripting XSS Google Dork: NA Date: 04/28/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://contao.org/en/ Software Link: https://github.com/contao/contao/releases/tag/4.13.2 Version: 4.13.2 Tested on: KALI OS CVE : CVE-2022-15...
SEOmatic plugin for Craft CMS SSTI Vulnerability
A Server Side Template Injection SSTI was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code...
GHSA-2MVG-C6MG-3Q63 Concrete CMS vulnerable to cross-site scripting (XSS)
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header. This is stored...
Cross site scripting via canonical URL
More info at https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html...
Cross site scripting via canonical URL
More info at https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html...
HTML Injection
concrete5 is vulnerable to HTML injection. If there is no canonical URL defined during setup, a malicious user can initiate a GET request with any domain name in the HOST header, allowing for arbitrary domains to be set for certain links. It can also act as a potential vector for cross-site...
Design/Logic Flaw
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored...
CVE-2017-7725
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored...
CVE-2017-7725
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored...
[SECURITY] Fedora 25 Update: drupal7-metatag-1.21-1.fc25
The Metatag module allows you to automatically provide structured metadata, aka "meta tags", about your website. In the context of search engine optimization, when people refer to meta tags they are usually referring to the meta description tag and the meta keywords tag that may help improve the...