16 matches found
EUVD-2020-0480
Malware in sbrugna...
CodeIgniter 4 security vulnerability
CodeIgniter 4 is a PHP full-stack web framework open-sourced by CodeIgniter. A security vulnerability exists in CodeIgniter 4 version 4.6.0, which stems from improper cleanup of the debugbartime parameter and could lead to stored cross-site scripting...
CVE-2020-11094
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests and all information pertaining to each request including session data whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as...
CVE-2020-11094
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests and all information pertaining to each request including session data whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as...
CVE-2020-11094
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests and all information pertaining to each request including session data whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as...
Design/Logic Flaw
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests and all information pertaining to each request including session data whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as...
October CMS debugbar plugin log message disclosure vulnerability
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. The debugbar plugin is an application debugging bar plugin used with it. A log information disclosure vulnerability exists in the October CMS debugbar plugin prior to version 3.1.0, which ...
CVE-2020-11094
CVE-2020-11094 affects the October CMS debugbar plugin prior to v3.1.0. The issue is an information disclosure vulnerability where the plugin logs all requests, including session data, which could allow untrusted users to view sensitive information. Affected component is the debugbar feature that...
CVE-2020-11094 Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests and all information pertaining to each request including session data whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as...
GHSA-C8WH-6JW4-2H79 Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Impact: The debugbar contains a perhaps little known feature where it will log all requests and all information pertaining to each request including session data whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as the potenti...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (i.e. .html, .append, and others) may execute untrusted code. Remediation: Upgrade maximebf/debugbar to...
Design/Logic Flaw
DISPUTED The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is no...
DEBIAN-CVE-2017-18343
The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a...
UBUNTU-CVE-2017-18343
DISPUTED The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is no...
CVE-2017-18343
The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a...
CVE-2017-18343
The CVE-2017-18343 issue concerns Symfony Debug component (symfony/debug) with an XSS in the debug/exception pretty printing path. Affected versions are Symfony 2.x/3.x prior to the listed fixed points (2.7.33, 2.8.26, 3.2.13, 3.3.6). The vulnerability arises in the debug handler via an array key...