GHSA-XPXP-R8HF-WGF6 WSO2 products vulnerable to Cross-site Scripting

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...

PT-2023-18513 · Unknown · Go-Ipld-Prime

Name of the Vulnerable Software and Affected Versions: go-ipld-prime versions prior to 0.19.0 Description: The issue arises when encoding data that contains a Bytes kind Node using the json codec, causing the encoder to panic as it does not expect to receive Bytes tokens. This should be treated a...

CVE-2020-6254

SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting...