15 matches found
CVE-2024-10863
Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation. This issue affects Secure Content Manager: from 10.1 before 24.4. End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side...
CVE-2025-22132
WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...
CVE-2022-2865
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform...
CVE-2025-22132
WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...
CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field
WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...
PT-2024-20658 · Dell · Dell Secure Connect Gateway (SCG) Policy Manager
Name of the Vulnerable Software and Affected Versions: Dell Secure Connect Gateway (SCG) Policy Manager, all versions. Description: The issue is a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability,...
CVE-2022-3265
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perfo...
httpd: limited cross-site scripting in mod_proxy error page
A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation...
Medium: httpd24
Issue Overview: A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash. (CVE-2019-10081) A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/...
Investors Application Cross Site Scripting
Document Title: Investors Application - Client Side Cross Site Vulnerability | References Source: http://www.vulnerability-lab.com/getcontent.php?id=1540 | Facebook Security ID: 246414938 | Release Date: 2016-02-12 | Vulnerability Laboratory ID VL-ID:...
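CMS Made Simple Cross-Site Scripting and HTML Injection Vulnerabilities
Bugtraq ID: 65898 CVE ID: CVE-2014-0334 CMS Made Simple is a content management system. Multiple scripts in CMS Made Simple improperly handle multiple input parameters, allowing a remote attacker to exploit the vulnerability by constructing a malicious URI and enticing a user to open it, which can disclose sensitive cookies, hijack sessions, or perform malicious actions on the client. 0 CMS Made Simple No detailed solution is currently available: http://www.cmsmadesimple.org/...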
ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities
Title: ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities | Date: 2012-08-02 | References: http://www.vulnerability-lab.com/getcontent.php?id=670 | VL-ID: 670 | Common Vulnerability Scoring System: 2.4 | Introduction:...
Astaro Gateway v7.504 - Multiple Web Vulnerabilities
Document Title: Astaro Gateway v7.504 - Multiple Web Vulnerabilities | References Source: http://www.vulnerability-lab.com/getcontent.php?id=8 | Release Date: 2012-04-07 | Vulnerability Laboratory ID VL-ID: 8 | Common...
MegaSWF - Persistant Cross Site Scripting Vulnerability
Document Title: MegaSWF - Persistant Cross Site Scripting Vulnerability | References Source: http://www.vulnerability-lab.com/getcontent.php?id=368 | Release Date: 2012-01-12 | Vulnerability Laboratory ID VL-ID: 368...
HD Moore on Metasploit, Exploitation and the Art of Pen Testing
Dennis Fisher talks with HD Moore, the founder of the Metasploit Project and the chief security officer at Rapid7, about the evolution of Metasploit, the difficulty of client-side exploitation in the age of DEP and ASLR and the decision on when to publish an exploit. Podcast audio courtesy of...