3 matches found
soccerconcept.at Cross Site Scripting vulnerability OBB-3889092
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
'/WEB-INF/' Information Disclosure Vulnerability (HTTP)
Various application or web servers / products are prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2014-2857
The CVE refers to the Grails Resources plugin (versions 1.0.0–1.2.5) used with Grails 2.0.0–2.3.6. Root cause: by default, the plugin does not restrict access to /WEB-INF or /META-INF, enabling information disclosure via direct requests. Affected configurations include the default setup; the issu...