42 matches found
EUVD-2026-23928
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFTLanguage::Create without HTML sanitization and subsequently rendered unsanitized by ViewLanguage.RenderGrid. An...
CVE-2026-23753
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFTLanguage::Create without HTML sanitization and subsequently rendered unsanitized by ViewLanguage.RenderGrid. An...
CVE-2026-23753
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFTLanguage::Create without HTML sanitization and subsequently rendered unsanitized by ViewLanguage.RenderGrid. An...
CVE-2026-23753 GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFTLanguage::Create without HTML sanitization and subsequently rendered unsanitized by ViewLanguage.RenderGrid. An...
CVE-2026-23753 GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFTLanguage::Create without HTML sanitization and subsequently rendered unsanitized by ViewLanguage.RenderGrid. An...
CVE-2026-23753
GFI HelpDesk
GFI HelpDesk å®å Øę¼ę“
GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.9 contained security vulnerabilities. These vulnerabilities stemmed from insufficient cleaning of the charset POST parameter in...
PT-2026-33821
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT Language::Create without HTML sanitization and subsequently rendered unsanitized by View Language.RenderGrid. An...
ROS-20251030-10
A vulnerability in the qDecodeDataUrl function of the QtCore module of the Qt cross-platform development framework Qt software development framework is related to insufficient input data validation when processing the parameter charset. Exploitation of the vulnerability could allow an attacker...
EUVD-2011-4661
Malware in sbrugna...
EUVD-2011-4686
Malware in sbrugna...
EUVD-2011-4773
Malware in sbrugna...
EUVD-2011-4850
Malware in sbrugna...
RHEL 8 : mod_security_crs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...
SUSE CVE-2011-4940
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
CVE-2022-39957
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
Design/Logic Flaw
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
CVE-2022-39957 Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
CVE-2022-39957 Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
Cross-site Scripting (XSS)
Python SimpleHTTPServer is vulnerable to cross-site scripting XSS. The listdirectory function in Lib/SimpleHTTPServer.py does not set a charset parameter in the Content-Type HTTP header, allowing an attacker to inject arbitrary Javascript through UTF-7 encoding into Internet Explorer 7 browser vi...