4 matches found
CVE-2026-9245
Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...
PT-2026-42791
Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...
nopCommerce 输入验证错误漏洞
nopCommerce is an open source general purpose e-commerce platform. A security vulnerability exists in nopCommerce version 4.50.1, which originates from an open redirection vulnerability triggered by clicking a specially crafted link to authenticate against a nopCommerc page...
CVE-2018-15528
Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "selectsso" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?XSS link and then...