10 matches found
EUVD-2026-24239
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
IBM Maximo Application Suite Sensitive Tokens without 'Secure' Attribute
RISK EVALUATION IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. An unauthenticated attacker can steal cookies by directing users to a malicious http:// link and snooping user traffic. 2. RECOMMENDED PRACTICES...
CVE-2026-34767
A flaw was found in Electron, a framework used for developing cross-platform desktop applications. This vulnerability, known as HTTP response header injection, occurs when an application reflects attacker-controlled input into a response header. A remote attacker could exploit this to inject...
OESA-2025-2319 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl contains an out-of-bounds read vulnerability in cookie path comparison logic. When a secure cookie is set via HTTPS and then the client is...
GHSA-HJX6-F647-MVF9 Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Impact We have identified a Cross-Site Scripting XSS vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The...
DEBIAN-CVE-2021-21332
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting XSS attacks. The...
Stored Cross-site Scripting Vulnerability in the Frontend of Guojiz Web Site Navigation System
Guojiz website navigation system is a navigation website source code developed by PHP+MySQL. A stored cross-site scripting vulnerability exists in the frontend of the Guojiz web navigation system. An attacker can exploit the vulnerability to obtain sensitive information such as user cookies...
foreman: the _session_id cookie is issued without the Secure flag
It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...
Corsaire Security Advisory: PeopleSoft IScript XSS issue
-- Corsaire Security Advisory -- Title: PeopleSoft IScript XSS issue Date: 04.07.03 Application: PeopleTools 8.20/8.43 and prior Environment: Various Author: Glyn Geoghegan [email protected] Audience: General distribution Reference: c030704-004 -- Scope -- The aim of this document is to...
CVE-2002-1160
The default configuration of the pamxauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su...