51 matches found
PT-2021-7415 · Udisks2 +7
Name of the Vulnerable Software and Affected Versions: udisks2 affected versions not specified Description: The issue is related to the Udisks program for querying and managing storage devices, specifically for ext2/3/4 file systems. It is caused by the default configuration to stop the machine i...
GHSA-FH63-4R66-JC7V Cross-site scripting (XSS) in Apache Velocity Tools
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...
DEBIAN-CVE-2020-13959
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...
DOS vulnerability for Quoted Quality CSV headers
Impact: When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters, such as those seen on the Accept, Accept-Encoding, and Accept-Language request headers, the server may enter a denial of service (DoS) state due to high CPU usage while sorting the...
jetty: full server path revealed when using the default Error Handling
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...
GHSA-F5F4-M7QP-W6GC Cross-site Scripting in Jooby
Jooby before 1.6.4 has XSS via the default error handler...
Cross-site Scripting in Jooby
Jooby before 1.6.4 has XSS via the default error handler...
Cross-site Scripting (XSS)
Jooby is vulnerable to cross-site scripting (XSS). The attack can be triggered when an attacker injects a malicious script through the default error handler...
CVE-2019-15477
Jooby before 1.6.4 has XSS via the default error handler...
CVE-2018-12536
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...
Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM Security Identity Governance and Intelligence (CVE-2016-0378)
Summary: There is a potential information disclosure in WebSphere Liberty Profile, shipped as a component of IBM Security Identity Governance and Intelligence. Vulnerability Details: CVEID: CVE-2016-0378 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain...
CVE-2016-0378
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception...
Cross-site Scripting (XSS)
Grails-core is vulnerable to cross-site scripting (XSS) attacks through the default error handler. The default error handler does not sanitize user-input values when displaying an error, allowing an attacker to inject arbitrary JavaScript code into a victim's browser...
IBM WebSphere Application Server Liberty Information Disclosure Vulnerability
IBM WebSphere Application Server is an application server product developed and distributed by IBM in the United States; it is a platform for Java EE and Web services applications. IBM WebSphere Application Server fails to properly handle exceptions when the default error page does...
Macromedia Sitespring 1.2 Default Error Page Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5249/info Macromedia Sitespring is a J2EE-compliant product for managing website production. The Macromedia Sitespring server runs on Microsoft Windows operating systems. A cross-site scripting issue has been reported in...
Mayaa cross-site scripting vulnerability
Overview: Mayaa from Seasar Project contains a cross-site scripting vulnerability. Mayaa from Seasar Project is an open source Java template engine. The default error page that Mayaa displays contains a cross-site scripting vulnerability. Tetsuo Nakamura of NEC Soft, Ltd. reported this vulnerabilit...
Sun Java System Web Server cross-site scripting vulnerability
Overview: Sun Java System Web Server (originally called Sun ONE Web Server) contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page. Impact: A malicious script may be executed on th...
Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page
Overview: A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies. Description: From Sun Alert Notification 102164: A Cross Site Scripting (XSS) vulnerability in various releases of the Sun Java System Web...
Cross site scripting
Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page...