36 matches found
CVE-2022-26157
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. The ASP.NETSessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels...
CVE-2022-26155
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...
CVE-2022-26156
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
CVE-2022-26158
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlle...
EUVD-2022-30721
Malicious code in bioql PyPI...
EUVD-2022-30722
Malicious code in bioql PyPI...
EUVD-2022-30724
Malicious code in bioql PyPI...
EUVD-2022-30723
Malicious code in bioql PyPI...
CVE-2022-26156
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
CVE-2022-26157
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. The ASP.NETSessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels...
CVE-2022-26156
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
CVE-2022-26158
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlle...
CVE-2022-26155
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...
CVE-2022-26157
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. The ASP.NETSessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels...
CVE-2022-26158
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlle...
CVE-2022-26156
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...
CVE-2022-26157
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. The ASP.NETSessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels...
CVE-2022-26155
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...
CVE-2022-26158
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlle...
CVE-2022-26155
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...