Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the rules.http.paths.path field, which allows injection of configuration into the nginx process. An attacker can execute arbitrary code and access sensitive Secrets by crafting malicious input to this field...

EUVD-2020-16821

Malware in sbrugna...

CodeIgniter 代码注入漏洞

CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter versions prior to 4.3.5 that stems from a problem with the validation method and in-model validation in the controller, allowing an attacker to execute arbitrary code...

Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4

Impact This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally...

CVE-2020-24085

A cross-site scripting XSS vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code...

Cross site scripting

A cross-site scripting XSS vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code...

CVE-2020-24085

CVE-2020-24085 affects MISP v2.4.128 in app/Controller/UserSettingsController.php SetHomePage(); lack of validation in the path parameter enables cross-site scripting (XSS) by injecting JavaScript. Reported as an XSS with CVSSv2 base 4.3 (MEDIUM) and CVSSv3.1 base 6.1 (MEDIUM). Connected sources ...